Orion Edwards

@thomasfuchs I read the proposal (FWIW I have significant experience with FIDO and other attestation/signing type things like it).

I can’t see how this could work in reality? Like almost all crypto things, it boils down to key distribution. For the scheme to work, there has to be a private key that signs things, for the server to verify. But where are they going to put the private key that something like an adblocker can’t just steal it?
1/

Orion Edwards

@thomasfuchs

Apple+iOS/macOS can do it because they have end to end control of the whole stack, right down to secure hardware key storage *including hardware manufacturing*

Android phones also could, if they were motivated to. But any PC running Windows or Linux, and probably also Chromebooks, literally don’t have a way to securely distribute such a private key.

🤷 as such, this doesn’t seem worrisome, rather someone’s academic plaything.

Pär Björklund

@borland @thomasfuchs I'm guessing they essentially want to provide a web API for the attestation MDM solutions provide on the device. Don't know how they technically manage the keys though.
