zlacker

[return to "Web Environment Integrity API Proposal"]
1. drbawb+fm[view] [source] 2023-07-21 19:47:19
>>reacto+(OP)
There is one thing I'm not quite clear on here:

  >The attestation is a low entropy description of the device the web page is running on.
  >The attester will then sign a token containing the attestation and content binding (referred to as the payload) with a private key.
  >The attester then returns the token and signature to the web page.
  >The attester’s public key is available to everyone to request.
I'm assuming "attester" here means "hardware authenticator." How is the attestation low entropy if it's presumably signed by a key that is unique & resident to my device? There is nothing higher entropy than a signature w/ "my" private key. That is literally saying "I [the single universal holder of the corresponding private key] signed this attestation." These days that key is realistically burned into my device at manufacturing time, and generally even if I can enroll keys on "my" device (big if), there is a very limited number of keyslots on hardware authenticators. Certainly not enough slots to present a random throwaway identity to each webpage.

I don't understand how you can have public/private key crypto as the basis for attestation and also have privacy? The two seem mutually exclusive. Is the private key supposed to be shared among a large cohort? (Which seems rather unwise, as it would make the blast radius of a compromised key disastrously huge.)

◧◩
2. cesarb+Er[view] [source] 2023-07-21 20:12:00
>>drbawb+fm
> I'm assuming "attester" here means "hardware authenticator." How is the attestation low entropy if it's presumably signed by a key that is unique & resident to my device?

From what I understood, the "attester" is a remote server, which signs the attestation with its own key, after somehow verifying that the browser and operating system and drivers and machine is not running any code that this remote server does not completely trust. That key can be used at most to identify the remote server, which is supposedly shared by a wide number of devices.

Yes, this means that your browser depends on having a working connection to that remote server for every attestation it makes, and that if that remote server colludes with the web page (or is compromised), it can leak your identity.

◧◩◪
3. goku12+de2[view] [source] 2023-07-22 13:01:14
>>cesarb+Er
The WEI spec talks at length about how ads provide revenue for the web publisher. In that context, I'm pretty sure that the 'environment' they're talking about must ensure that the ads are shown. This would mean that the attester has to invasively check the browser/app to ensure that no ad blocker is running. That would mean that the attester is most likely a proprietary application running on the user's device.
[go to top]