zlacker

>>reacto+(OP)
How can the “attesters” verify the integrity of the user agent? Sure the attestation is signed, but why can’t we mess with the data sent to the attester and just nullify the entire point of the proposal? The “browser acceptance criteria” in the spec, that would presumably contain this info, is just “TODO”. Thanks Google for conveniently omitting that key detail.

Also interesting that its implied in the explainer that attesters are just HTTP endpoint dealing with “billion-qps” traffic. Again, point above, but also how can we trust any attester to not use the (completely unobfuscated) information the user agent is sending them?

I guarantee that big websites will host their own attesters, only allow use of their attester, and require attestation for every request, allowing them to fingerprint every single user.

>>hamish+Z71
You don't send any data to the attester. It runs locally on your device, or rather is part of its core functionality. Building a chain of trust from the TPM hardware module, validating secure boot is enabled, validating the kernel and drivers have not been tampered with, eventually validating the browser has not been tampered with.

You can't run your own attester - these are implemented by the companies who provide the hardware, such as Microsoft or Apple.

>>anders+xb1
Could this be reverse engineered so that third-party browsers sent the same hash as Chrome?