Gregory's Server|
7 comments
  @delroth @ariadne @rcombs That may be a "non-goal" as far as the spec is concerned, but after reading the explainer it's clear to me that none of the other goals of the spec can be achieved without also making that possible. And on the commercial internet, the incentives for both attesters and site operators point towards doing that.  @carcosa if that's the case (I haven't done a full technical analysis of what they propose): I think that's a fair criticism, and I don't think a spec proposal should be accepted when it's not self-consistent. I think that's significantly more nuanced and actionable commentary than "DRM bad", and I presume that this is part of what the spec review process would go into (W3C/Whatwg/... have privacy experts reviewing these things, and they seem to already have been engaged). @delroth Yeah. Specifically, look at the discussions of the holdback mechanism, which is the one part that is supposed to prevent website operators from discriminating against unattestable browsers. Stakeholders in the security business are arguing that it's not acceptable to have holdbacks at all; I'm arguing that if implemented, holdbacks will erode over time until attestation can be used to discriminate on the basis of browser/plugins/etc. @ariadne@social.treehouse.systems @delroth@mastodon.delroth.net @rcombs@social.treehouse.systems |
@ariadne @rcombs I think that's always a reasonable worry (though tbf I do personally think providers should have a choice of how they charge for their content). But note that the proposal in question explicitly states as a non-goal "Enforce or interfere with browser functionality, including plugins and extensions."