zlacker

[return to "Google Chrome Proposal – Web Environment Integrity"]
1. Showal+nV[view] [source] 2023-07-19 05:51:22
>>screen+(OP)
>6.1.1. Secure context only Web environment integrity MUST only be enabled in a secure context. This is to ensure that the website is not spoofed. Todo

do they realize that you can use a custom certificate / patch the check routines? I don't think they quite realize what they are even suggesting.

◧◩
2. kevinc+kX2[view] [source] 2023-07-19 17:47:17
>>Showal+nV
You are the one being naive. This will be a cryptographically signed stack from the TPM, to the bootloader to the OS to the browser. If you flip a single bit away from the "approved" that signature will fail.
[go to top]