←back to thread

Apple already shipped attestation on the web, and we barely noticed

(httptoolkit.com)
596 points pimterry | 2 comments | 25 Jul 23 14:10 UTC | HN request time: 0.449s | source
Show context
lifeisstillgood ◴[25 Jul 23 14:29 UTC] No.36862777[source]
I kind of get both sides here. If we take the "see the best of others intentions" then a web that is populated by identified humans (and their authorised proxies!) is likely to be the "cleanest", most ideal web space we can see (a web full of sock puppets and link farms is not ideal).

The clearest end point for this is some government issued digital ID that just asserts who you are, acts as a login etc.

You can see this as a stepping stone to there. if you squint.

Is it the idealism of the 70s coke to life? No. Is it some sane compromise - I think so.

What if we cannot trust our government ? Sorry it is pretty sure that no internet is going to solve that. That's on the real world.

replies(10): >>36862946 #>>36863031 #>>36863074 #>>36863126 #>>36863250 #>>36863286 #>>36863456 #>>36863735 #>>36864436 #>>36871915 #
1. lifeisstillgood ◴[26 Jul 23 01:09 UTC] No.36871915[source]
So just cohering some thoughts here

Imagine I am Twitter / Instragram and want to be sure that User X is the human owner of the account and just posted a brilliant comment / photo. Or a bank wanting to be sure to move money to a new account.

I can use webauthn to sign a nonce so I can be sure the device sending the request has access to private key for the HSM / secure enclave.

Now if the device is compromised, the OS is under malicious control, does this still hold? Can We assume the secure enclave is proof of the OS fails? I know the secure enclave is basically sealed off and as it is what signs my nonce then yeah I think even in face of OS compromise the webauthn section works.

Yes the nonce I generated has been signed, so the user has the device, but has the user seen the same content / bank transfer details that I am seeing? The user thinks they are sending grandma ten bucks but actually they are transferring 5000 to dodgy account, think they are ordering a sweater on Amazon but actually sending 10 airpods to a new address.

Yeah secure enclaves and other HSM identity systems work and webauthn would greatly reduce the amount of authentication failures - that's a huge win.

And it leaves anti-fraud measures pretty much where they are now - how likely is it this guy wants 20 airpods sent to Alabama?

The thing this is solving is "can we make the entire device as trustworthy as the secure enclave?" And frankly the answer is no. And if you cannot all you are doing then is saying does this device look like a human eyeball which is adjacent to "you cannot browse the web with adblock on".

So I was wrong earlier. This is all about can we trust the user has seen what content the web server ha seen. And no we cannot unless we can verify the whole stack - hardware to OS to javascript. And we are a long way from that.

Maybe we can build a seperate device for that - but really if we could we can build the first one just as securely.

This is basically trusted computing and who gets to sign which binaries?

Webauthn exists and is great and should be used everywhere.

We are fairly sure that the secure enclave / external HSM is so hard to break we can trust webauthn works at all but APT levels.

Any issues over "is the content the webserver gets what the user saw (ie are they compromised) is an issue of fraud prevention.

I have a seperate device from my bank - i have to enter the contents of the transaction. The trust level then is through the roof. Both devices need it be compromised at same time. one has no internet access.

At this poknt it seems obvious who could act as trust providers for content - anyone able to get a simple HSM into my hands as a seperate device.

replies(1): >>36872183 #
2. lifeisstillgood ◴[26 Jul 23 01:48 UTC] No.36872183[source]
So short answer: We need air-gapped HSM with keypads.

Webauthn works great for authentication. we can pretty much trust the secure enclave to verify a nonce even if OS is compromised.

But we cannot trust the content. And it gets high friction. But basically you need the air solex HSM to take a nonce typed in by user and based on human verified values (ie dollar amount) and maybe hash values (though possibly compromised).

And such high friction destroys many assumptions and business models. It might be the best solution - will see if I can find any reading materials