
596 points pimterry | 2 comments
willcipriano ◴[] No.36862717[source]
Why can't you fake remote attestation? I imagine it's a bit more involved than swapping a user agent but is there some magic mechanism that makes it impossible to spoof?
replies(6): >>36862781 #>>36862809 #>>36862813 #>>36863035 #>>36863106 #>>36871239 #
sidewndr46 ◴[] No.36862781[source]
On Intel & similar platforms, some forms of attestation are bidirectional. There is both a remote server attesting to the code's validity and the local device is able to attest that the code is run in a manner that doesn't permit the user to modify or inspect it. This is the basis of almost all practical DRM methods and is provided under the guise of the Trusted Platform Module.

One interesting application of this kind of technology was to remove the 'analog hole'. When playing protected content, even the video stream from your PC to your monitor is actually encrypted in a manner that ostensibly prevents anyone from intercepting it.

replies(2): >>36863677 #>>36863854 #
1. aftbit ◴[] No.36863677[source]
Sorry for the nitpick, but that isn't the analog hole. The analog hole occurs when your monitor displays the video. At that point, you can point a camera at it and record the video, albeit with a loss in quality. Removing the analog hole would require pushing the attestation and encryption one layer further, into your brain or eyes.
replies(1): >>36866640 #
2. sidewndr46 ◴[] No.36866640[source]
My perspective is the analog hole is all of the above: your eyes, the display, and the composite video connection (for an old standard definition TV).

Closing 1 is better than closing none