zlacker

1. riffra+(OP) 2023-07-21 19:10:30
I think in this case Firefox is in a different position: if it didn't support EME, Netflix wouldn't work.

But in this case it could report "sure, this is a real user alright" by being its own attester, can't it?

replies(4): >>aposta+gn >>gizmo6+vr >>wmf+Ds >>Mindwi+Xz1
2. aposta+gn 2023-07-21 20:53:14
>>riffra+(OP)
So what if Netflix doesn't work?? That is the choice of Netflix. Big content will always want more control. Firefox will never be able to keep up. They will just do a mediocre job of working against their users.

Microsoft and Real Player pushed hard for an integrated ActiveX based DRM ecosystem over a decade ago. I'm so glad that Mozilla flatly refused to entertain such idiocy. I sure wish that Mozilla still existed.

Mozilla is now just a "pick me" [1] organization to big content. They should own being a browser that caters to users, not platforms. Because they will end up with nothing.

[1]: https://www.urbandictionary.com/define.php?term=Pick%20me

replies(1): >>mschus+TD
3. gizmo6+vr 2023-07-21 21:11:17
>>riffra+(OP)
That depends on how the attestation is done.

If done correctly, TPMs on every computer would be preloaded with signing keys (probably Microsoft). The web browser would then ask the TPM to sign the Platform Configuration Registers, which are a hash of a challenge nonce, the system firmware/kernel/configuration/etc. This signature is then sent (along with a description of the system configuration) to an external attester. This external attester validates that:

A) the claimed configuration is "secure" (trusted kernel, bootloader, browser, etc) and

B) The TPM's signature attests to the configuration.

The validator then generates its own signed message that can be sent to the server.

In practice, I think this is logistically unworkable in today's computing environment. But with enough big players pushing for it, I don't see anything fundamentally impossible.

replies(1): >>saagar+471
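
The flow described in the comment above (quote over nonce and PCR, then checks A and B, then the attester's own signed message), as an added example that is not part of the original comment. HMAC stands in for the TPM's asymmetric signature so the sketch needs only the standard library; the keys, component names and allowlist are constructed.

```python
import hashlib, hmac, os

# Constructed stand-ins: a real TPM signs with an asymmetric attestation key;
# HMAC with a shared demo key keeps this example standard-library only.
TPM_KEY = b"constructed-demo-tpm-key"
ATTESTER_KEY = b"constructed-demo-attester-key"
# Hypothetical allowlist of trusted component measurements (check A).
TRUSTED = {hashlib.sha256(c).digest()
           for c in (b"firmware-1.0", b"kernel-6.1", b"browser-115")}

def extend(pcr, measurement):
    # TPM-style extend: new PCR = H(old PCR || measurement)
    return hashlib.sha256(pcr + measurement).digest()

def replay(event_log):
    pcr = bytes(32)  # PCR starts at all zeroes
    for m in event_log:
        pcr = extend(pcr, m)
    return pcr

def tpm_quote(event_log, nonce, key=TPM_KEY):
    # Device side: sign the challenge nonce together with the PCR value.
    pcr = replay(event_log)
    return pcr, hmac.new(key, nonce + pcr, hashlib.sha256).digest()

def attest(event_log, pcr, sig, nonce):
    # Check B: the signature covers this nonce and PCR, and the claimed
    # configuration (the event log) reproduces that PCR.
    expected = hmac.new(TPM_KEY, nonce + pcr, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None
    if not hmac.compare_digest(replay(event_log), pcr):
        return None
    # Check A: every measured component is on the trusted list.
    if not all(m in TRUSTED for m in event_log):
        return None
    # The attester's own signed message, to be forwarded to the server.
    return hmac.new(ATTESTER_KEY, b"ok" + nonce, hashlib.sha256).digest()

def measure(*components):
    return [hashlib.sha256(c).digest() for c in components]

if __name__ == "__main__":
    nonce = os.urandom(16)
    log = measure(b"firmware-1.0", b"kernel-6.1", b"browser-115")
    print("trusted config accepted:", attest(log, *tpm_quote(log, nonce), nonce) is not None)
```

A quote made with a key the attester does not recognise, a quote replayed under a different nonce, and a claimed configuration that does not reproduce the signed PCR all return `None`.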
4. wmf+Ds 2023-07-21 21:17:10
>>riffra+(OP)
If Firefox lies, sites will refuse to load in Firefox.
replies(1): >>riffra+1U1
5. mschus+TD 2023-07-21 22:09:02
>>aposta+gn
The problem is, back then most people on the Internet were techies. They knew their shit.

Today? Guess who Grandma's gonna call with "my Netflix isn't working"? And she won't care why, all she cares about is Netflix.

6. saagar+471 2023-07-22 01:54:12
>>gizmo6+vr
Right, until someone exploits the kernel and it just attests whatever it wants.
7. Mindwi+Xz1 2023-07-22 07:33:42
>>riffra+(OP)
Sites will just stop trusting that as an attester.

Anyone can write their own EME plug in that writes the files to disk. But it won't have the keys of any trusted module, because the reason sites trust them is because they don't do that. So it won't get accepted by anyone. Same here.

replies(1): >>riffra+aU1
8. riffra+1U1 2023-07-22 11:49:03
>>wmf+Ds
Of course, but if Google did that it would allow Firefox to complain about Google's abuse of monopoly power. I'm not sure that is a path they'd risk going through.
9. riffra+aU1 2023-07-22 11:51:09
>>Mindwi+Xz1
But they address this in the spec (kinda), suggesting that whitelisting attesters should not be possible.

Presumably this is because if it was, it would open Google to abuse of dominant position claims.
