Comment by lern_too_spel

13 days ago

> "the network" is the same network we've been talking about the entire conversation. Employer's network.

That's the same network I'm talking about. I don't know why you think I'm referring to any other network. You are not allowed to connect untrusted devices to many employers' networks, and this works via remote attestation. They don't care if your TV is rooted as long as you don't connect it to their network, but if you do, they will want to make sure it isn't rooted.

> I don't know why you think I'm referring to any other network.

You started talking about my TV and my washing machine, so I thought you were accusing me of bringing in other networks to "find a point of disagreement".

Now I'm just confused why you brought up the idea of attaching them to my employer's network.

> You are not allowed to connect untrusted devices to many employers' networks, and this works via remote attestation. They don't care if your TV is rooted as long as you don't connect it to their network, but if you do, they will want to make sure it isn't rooted.

And that highlighted part is what I take issue with. They should not ask for that. Either allow my devices or ban them. They should never get to look at the attestation report for my devices (literal "my").

  • > Either allow my devices or ban them

    There's your misunderstanding. The way to allow them or ban them is via remote attestation. How else would they be able to do that? Once you understand that, you'll also understand why I brought up your washing machine.

    • > The way to allow them or ban them is via remote attestation. How else would they be able to do that?

      The first check should be if it's their device. If the device has the correct key to show it's theirs, they could allow it right there. Or they can go further for extra security, to ask for remote attestation of their device.

      If the device claims to be owned by anyone else, they should not ask for remote attestation. Why would they need it? They already have all the information they need to decide whether to allow or block. "My washing machine (unrooted)" and "claims to be my washing machine (rooted)" should be treated exactly the same by them. Allow both or ban both, depending on the purpose of the network.