zlacker

[return to "Become Ungoogleable"]
1. superk+ji[view] [source] 2023-07-20 15:26:01
>>pabs3+(OP)
It's a fine idea. But what I'm taking away from this post is the link to the Google/Chromium web DRM prototype and summary ... yikes. https://raw.githubusercontent.com/RupertBenWiser/Web-Environ...

>- The web page executing in a user's web browser

>- A third party that can “attest” to the device a web browser is executing on, referred to as the attester

>- The web developers server which can remotely verify attestation responses and act on this information.

Chome only for now but I imagine after it's pushed to Chromium and all the browser based on that Mozilla will implement it too (just like all the other DRM FF has now).

◧◩
2. incomp+K12[view] [source] 2023-07-21 00:22:58
>>superk+ji
I can't even visualise how this would work in any meaningful way. You are going to have some software that "attests" that, say, the user is running an approved version of Chrome. But you couldn't just distribute such software everywhere, since I assume it would be trivial to extract any keys from it and then attest whatever you wanted. The site mentions "Google Play" as a possible attestor, so it would perhaps work on locked-down mobile devices, at best.
◧◩◪
3. tadfis+8r2[view] [source] 2023-07-21 04:58:24
>>incomp+K12
You can have the same cryptographic chain of trust on PCs with Secure Boot enabled. Essentially the attestation is a signed hash of the computing environment, with Microsoft as its root authority in the PC ecosystem. The kernel+boot environment is next, then the system software stack, and finally the executable image. This is exactly what is provided by the trusted execution environment on Android devices, and Google Play is just the trusted arbiter of the software signatures.
[go to top]