zlacker

[return to "Google’s nightmare “Web Integrity API” wants a DRM gatekeeper for the web"]
1. grajma+TZ[view] [source] 2023-07-25 04:37:27
>>jakobd+(OP)
The attestation need not be done by Google or web browser owner themselves. This can be done by operating systems or any third party attestation just like a simple version of certification attestation. I think even though the intention behind the idea is good, the integrity of the company that suggested this is so doomed that we are all afraid. I think such proposals will come and need to come so that gradually these proposals will mutate into something useful
◧◩
2. rezona+L01[view] [source] 2023-07-25 04:47:12
>>grajma+TZ
Practically speaking yes, the OS (and further down the TPM/enclave) will be the root of attestation. Google here is starting with Google Play Integrity (previously known as SafetyNet), which is an OS-level attestation authority. On Windows, this attestation would probably be done via TPM/Secureboot and Windows integrity APIs.

That's what's scary about it, because it has the potential to make large parts of the web inaccessible unless you have a signed and sealed OS layer and browser to browse it with.

[go to top]