← Back to context

Comment by foltik

8 hours ago

Not sure if you’re being deliberately obtuse, but a signing key means nothing by itself. What exactly do you think is being attested TO?

Thats right: that the user can’t do what they want with their own device. Obviously your key wouldn’t be trusted if they could.

There is no other conceivable purpose that attestation could serve.

2 comments

foltik

Reply
dns_snek  8 hours ago

> Not sure if you’re being deliberately obtuse

Yes, they are. If there's a thread on HN about user-hostile features, you can be pretty confident that they've written a comment defending it.

charcircuit  7 hours ago

There are many changes that are possible which do not harm the integrity of applications.

>the user can’t do what they want with their own device

In the same way the user can't make their device have the Microsoft Word app send them $1 million from Microsoft's bank account. Once other people are in the picture you can't always have your way.