
Comment by Hizonner

10 days ago

> None of this prohibits users from modifying their bootloader, kernel, or OS image;

... unless they don't want to turn their device into a boat anchor that nothing else will talk to. It's not going to stop with age verification.

Counterproposal: fuck attestation, and fuck age verification. Individual users, not corporations, associations, or organizations, get to use any goddamned software they want any time they want for any purpose they want, and if you set up some system that can't deal with that, tough beans for you.

Or just rely on a separate trusted hardware device (think: USB+NFC YubiKey) when the device itself can't be trusted.

  • There’s no way to prove you aren’t MitM-proxying a reply from a device not paired to your phone in that scenario, because the kernel ‘says’ it’s USB to the app but a patched kernel can lie about that unless the kernel is attested-unmodified-secured — and anyways USB can itself be mitm’d at the phys layer without the kernel knowing at all.

    • You can enroll keys on trusted hardware and then use them on untrusted hardware. That's how smartcards work. Enrollment is secure (say performed by your employer) and (in theory) extracting the private key is impossible.

      Smartcards also seem to have the ability to issue certificate requests. I think the keys inside the cards are signed by a manufacturer trust chain (I got a Gemalto card to play with for signatures, and places like IdenTrust were able to verify authentic cards, but I wasn't trying to fool anything so it may be possible... but they would only issue certain levels of keys for specific cards).

      I'm not saying you are wrong (I don't know enough about the details) but it all was much more sophisticated than I had thought and the chips seem to be running some sort of attestation of the chip in the card. Basically, you can't MITM things if doing so requires getting a private key that only exists in the factory. That sort of thing.

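      The enrollment-then-use model and the manufacturer-signed chain described in the two comments above, as an added example that is not part of this thread (it is my code, not any commenter's and not any card vendor's): a toy Go model in which the manufacturer root signs each card's attestation key, the card signs every key it generates, and the relying party checks both links before trusting a challenge response. Raw ECDSA signatures stand in for X.509 certificates, and every name here (Card, IssueCard, Enroll, VerifyAttestation, the "auth" label) is an assumption of this model, not a real card's API.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

type signed struct{ PubDER, Sig []byte }        // PKIX public key plus an issuer's signature over it (stand-in for a certificate)
type Attestation struct{ CardCert, Key signed } // card attestation key signed by the manufacturer; new key signed by the card

// Card models the secure element; private keys never leave this struct.
type Card struct {
	attestKey *ecdsa.PrivateKey
	cardCert  signed
	keys      map[string]*ecdsa.PrivateKey // enrolled keys by label
}

// generateKey makes a P-256 key and its PKIX-encoded public half.
func generateKey() (*ecdsa.PrivateKey, []byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	der, err := x509.MarshalPKIXPublicKey(&key.PublicKey)
	return key, der, err
}

func sign(signer *ecdsa.PrivateKey, msg []byte) ([]byte, error) {
	h := sha256.Sum256(msg)
	return ecdsa.SignASN1(rand.Reader, signer, h[:])
}

// VerifyDER checks sig over msg with the PKIX-encoded public key pubDER.
func VerifyDER(pubDER, msg, sig []byte) bool {
	pub, err := x509.ParsePKIXPublicKey(pubDER)
	ecPub, ok := pub.(*ecdsa.PublicKey)
	if err != nil || !ok {
		return false
	}
	h := sha256.Sum256(msg)
	return ecdsa.VerifyASN1(ecPub, h[:], sig)
}

// IssueCard personalises a card in the factory: a fresh attestation key whose public half the root signs.
func IssueCard(root *ecdsa.PrivateKey) (*Card, error) {
	key, pubDER, err := generateKey()
	if err != nil {
		return nil, err
	}
	sig, err := sign(root, pubDER)
	if err != nil {
		return nil, err
	}
	return &Card{attestKey: key, cardCert: signed{pubDER, sig}, keys: map[string]*ecdsa.PrivateKey{}}, nil
}

// Enroll generates a key on the card and has the attestation key sign its public half.
func (c *Card) Enroll(label string) (Attestation, error) {
	key, pubDER, err := generateKey()
	if err != nil {
		return Attestation{}, err
	}
	sig, err := sign(c.attestKey, pubDER)
	if err != nil {
		return Attestation{}, err
	}
	c.keys[label] = key
	return Attestation{CardCert: c.cardCert, Key: signed{pubDER, sig}}, nil
}

// Sign answers a challenge with an enrolled key; a signature is all an untrusted host ever gets.
func (c *Card) Sign(label string, challenge []byte) ([]byte, error) {
	key, ok := c.keys[label]
	if !ok {
		return nil, errors.New("no such key")
	}
	return sign(key, challenge)
}

// VerifyAttestation is the relying party's check of both links; it returns the attested public key (DER).
func VerifyAttestation(rootPubDER []byte, a Attestation) ([]byte, error) {
	if !VerifyDER(rootPubDER, a.CardCert.PubDER, a.CardCert.Sig) {
		return nil, errors.New("card attestation key not signed by manufacturer")
	}
	if !VerifyDER(a.CardCert.PubDER, a.Key.PubDER, a.Key.Sig) {
		return nil, errors.New("enrolled key not signed by card")
	}
	return a.Key.PubDER, nil
}

func main() {
	rootKey, rootPubDER, _ := generateKey() // factory root; verifiers hold only rootPubDER
	card, _ := IssueCard(rootKey)
	att, _ := card.Enroll("auth")
	_, err := VerifyAttestation(rootPubDER, att)
	fmt.Println("attestation accepted:", err == nil)
}
```

      A relying party keeps only the manufacturer's public key and the attested public key it got at enrollment; from then on every login is a fresh challenge signed by the card. Swapping a different public key under the card's original signature, or presenting a card whose attestation key was signed by some other root, fails one of the two checks in VerifyAttestation. This covers the key-extraction and substitution cases the comments discuss; it does nothing about the proxy case raised in the sibling comment, where the genuine card simply answers a challenge on someone else's behalf.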

    • My mom can also do the identification on my phone and unlock it for me. There is fundamentally no way to prevent proxy issues if you let people do verification themselves.

      Intercepting the USB reader traffic to feed the computer a different card is about the most roundabout way of achieving that.