zlacker

[return to "Remote Attestation is coming back"]
1. walter+fl[view] [source] 2022-07-30 01:50:57
>>gjsman+(OP)
Prior thread, https://news.ycombinator.com/item?id=32234561

> On-premise, open-source, customer-owned remote attestation servers are possible. Avoid outsourcing integrity verification to 3rd-party clouds.

With owner-operated OSS MDM & attestation servers, PCs can have diverse, owner-customized OS and configs, reducing monoculture binary blobs.

◧◩
2. userbi+9n[view] [source] 2022-07-30 02:21:46
>>walter+fl
PCs can have diverse, owner-customized OS and configs,

...which won't be able to interact with any of the walled gardens which will be enabled by these same technologies.

◧◩◪
3. walter+nn[view] [source] 2022-07-30 02:24:51
>>userbi+9n
That cuts in both directions. If sufficiently large customers run their own attestation servers, the discussion moves from binary yes/no attestation to the details of interoperable measurements, single-purpose OS components and provable security vs vendor lock-in.

Walled gardens care about including their large customers, so it's not as simple as locking them out. There is also an ongoing EU legislative effort to mandate digital platform interoperability, which will likely apply to attestation.

◧◩◪◨
4. userbi+Jw[view] [source] 2022-07-30 04:39:26
>>walter+nn
...and the large customers are going to treat users as the attackers to be secured against, so I don't think that's going to help one bit.
◧◩◪◨⬒
5. walter+by[view] [source] 2022-07-30 05:08:15
>>userbi+Jw
Many owner-defined OSes would be a bit better than a handful of vendor-defined OSes being imposed on the entire planet. Influencing device owners to provide sensible policies would be the next step, but at least there would be the possibility of competition, and the voices of multiple economic stakeholders.

Attestation can also be entirely local, e.g. between a device and a USB key with OSS software that is configured by the owner.

◧◩◪◨⬒⬓
6. salawa+qn1[view] [source] 2022-07-30 15:35:58
>>walter+by
Once again. To meaningfully exist seperate from digital overlords, you must be able to grok nuances of cryptography. You are dead on arrival for 95% of the populace.
◧◩◪◨⬒⬓⬔
7. walter+mH1[view] [source] 2022-07-30 17:57:33
>>salawa+qn1
Do you consider Let's Encrypt to be a digital overlord? Many are using this service successfully without being cryptography experts?

Why can't there be a "local attestation server" equivalent to Lets Encrypt, e.g. offering the Top 10 most-requested OS configurations which are not being addressed by digital overlords?

Cryptographer priests are scarce, but not numerically capped or fully monopolized by digital overlords.

[go to top]