←back to thread

Unpacking Google’s Web Environment Integrity specification

(vivaldi.com)
756 points dagurp | 3 comments | 26 Jul 23 11:30 UTC | HN request time: 0.013s | source
1. koffiezet ◴[27 Jul 23 11:12 UTC] No.36891858[source]
What unclear to me is how the actual verification by this attester would happen. Somehow the attester, which is also a remote service, verifies your device? Are there any details on how that would happen specifically?
replies(1): >>36903999 #
2. salawat ◴[28 Jul 23 07:34 UTC] No.36903999[source]
Basically, you build up a set of cryptographically verified computing primitived (like secure enclave) that are enforced by a hardware component with baked in from the manufacturer keys. Basically it's setting up an "owned by vendor computing channel" and baking it into the Silicon.

You won't get the chance to refuse this feature. There'll be too much money at stake for manufacturers to not retool for it. It'll be the only thing they make to sell, so take it or leave it chump.

replies(1): >>36940415 #
3. koffiezet ◴[31 Jul 23 09:42 UTC] No.36940415[source]
Sure, but the communication channel between the attester and the client which it needs to verify/attest is pretty much undefined?