zlacker

So how do you solve this? Get the government to ban CPU vendors from implementing hardware-rooted remote attestation? I can assure you that this technology is used inside corporations for their own internal security, and such a ban would weaken our ability to survive a cyberwar.

>>fleven+(OP)
Using this technology to secure non-private infrastructure, including corporate networks, makes total sense. And yes, it has some helpful properties to secure that infrastructure. But don't be mistaken, configuration mistakes still exist, as do zero days. Attestation helps against persistence, and this is valuable, but it's only one link in the chain.

That being said, extending it to everyone in a way that curtails individual control of computing devices creates an environment that is dangerous in many ways. I don't want to be in a world where only "approved" software is allowed on my computer or something. This can get wrong really quickly, and a lot of the application of attestation technology for consumers is really just about removing their freedoms.

The place where the government should step in IMO is not to ban CPU vendors from implementing this, but to pass anti-discrimination laws, so ban companies from requiring remote attestation to unlock some specific feature. They should maybe endorse it, or be allowed to warn you, but they should still allow full access regardless.

For the B2B setting there are obvious dangers of monopoly abuse, here the government just needs to enforce existing laws. Microsoft dropping the requirement that the signing key for third parties has to be trusted is IMO a major antitrust violation.

>>fleven+(OP)
> Get the government to ban CPU vendors from implementing hardware-rooted remote attestation?

Get the government to regulate the corporations requiring it. Classify any attestation requirement as discrimination or something. They're excluding people without good reason.