zlacker

[return to "Google vs. the Open Web"]
1. protoc+vY[view] [source] 2023-07-26 15:05:49
>>ColinW+(OP)
This is kind of overblown isnt it?

I remember sites doing all sorts of hacks to identify and shut down IE back in the day. "Works best in Chrome/Firefox".

"The proposal calls for at least the following information in the signed attestation:

    The attester's identity, for example, "Google Play".
    A verdict saying whether the attester considers the device trustworthy.
"

So a user agent string and a weak attestation?

This seems an overcomplex nothingburger.

◧◩
2. helen_+q31[view] [source] 2023-07-26 15:20:51
>>protoc+vY
It’s a signed attestation. A user agent can be spoofed, this attestation needs to be signed cryptographically with a trusted key, for example a hardware key shipped in your device by an approved vendor. Think Apples Secure Enclave.

The goal is a verified stack - the hardware key proves you have approved hardware. The approved hardware proves you don’t have a tampered OS. The untampered OS proves you have approved binaries. The approved binaries disallow certain actions that users want such as blocking ads or downloading YouTube videos.

[go to top]