←back to thread

Apple already shipped attestation on the web, and we barely noticed

(httptoolkit.com)
596 points pimterry | 6 comments | 25 Jul 23 14:10 UTC | HN request time: 0.002s | source | bottom
Show context
willcipriano ◴[25 Jul 23 14:25 UTC] No.36862717[source]
Why can't you fake remote attestation? I imagine it's a bit more involved than swapping a user agent but is there some magic mechanism that makes it impossible to spoof?
replies(6): >>36862781 #>>36862809 #>>36862813 #>>36863035 #>>36863106 #>>36871239 #
1. sidewndr46 ◴[25 Jul 23 14:30 UTC] No.36862781[source]
On Intel & similar platforms, some forms of attestation are bidirectional. There is both a remote server attesting to the code's validity and the local device is able to attest that the code is ran in a manner that doesn't permit the user to modify or inspect it. This is the basis of almost all practical DRM methods and is provided under the guise of the Trusted Platform Module.

One interesting application of this kind of technology was to remove the 'analog hole'. When playing protected content, even the video stream from your PC to your monitor is actually encrypted in a manner that ostensibly prevents anyone from interecepting it.

replies(2): >>36863677 #>>36863854 #
2. aftbit ◴[25 Jul 23 15:24 UTC] No.36863677[source]
Sorry for the nitpick, but that isn't the analog hole. The analog hole occurs when your monitor displays the video. At that point, you can point a camera at it and record the video, albeit with a loss in quality. Removing the analog hole would require pushing the attestation and encryption one layer further, into your brain or eyes.
replies(1): >>36866640 #
3. mschuster91 ◴[25 Jul 23 15:35 UTC] No.36863854[source]
> One interesting application of this kind of technology was to remove the 'analog hole'. When playing protected content, even the video stream from your PC to your monitor is actually encrypted in a manner that ostensibly prevents anyone from interecepting it.

And yet, despite these fucking morons in the standard committees wasting (probably) millions of dollars in implementing CSS, HDCP and whatnot, and often enough bricked existing devices by revoking keys, HDCP strippers remain available for a dozen dollars or so on ebay, or AnyDVD so you don't have to bother with any copy protection at all.

replies(2): >>36864011 #>>36869177 #
4. sidewndr46 ◴[25 Jul 23 15:43 UTC] No.36864011[source]
I don't think HDCP was ever meant to actually stop this sort of thing. Just to make it difficult and criminal.
5. sidewndr46 ◴[25 Jul 23 18:01 UTC] No.36866640[source]
My perspective is the analog hole is all of the above: your eyes, the display, and the composite video connection (for an old standard definition TV)

Closing 1 is better than closing none

6. charcircuit ◴[25 Jul 23 20:44 UTC] No.36869177[source]
>HDCP strippers remain available for a dozen dollars or so on ebay

These don't work on the latest HDCP.