Comment by foltik
10 hours ago
Not sure if you’re being deliberately obtuse, but a signing key means nothing by itself. What exactly do you think is being attested TO?
Thats right: that the user can’t do what they want with their own device. Obviously your key wouldn’t be trusted if they could.
There is no other conceivable purpose that attestation could serve.
> Not sure if you’re being deliberately obtuse
Yes, they are. If there's a thread on HN about user-hostile features, you can be pretty confident that they've written a comment defending it.
There are many changes that are possible which do not harm the integrity of applications.
>the user can’t do what they want with their own device
In the same way the user can't make their device have the Microsoft Word app send them $1 million from Microsoft's bank account. Once other people are in the picture you can't always have your way.
> Attestation isn't against being able to do whatever you want with your own device.
“Prison isn’t against being able to go wherever you want.”
> There are many changes that are possible which do not harm the integrity of applications.
“Well, there’s a lot of places you can go in prison, you just can’t leave.”
Uh-huh.
> In the same way the user can't make their device have the Microsoft Word app send them $1 million from Microsoft's bank account.
This is completely incoherent. You and I both know that a bank refusing to give away someone else’s money has nothing to do with being able to run whatever code and operating systems we want to on our own devices.
Obviously they would want a username and password to authorize such an action, and it doesn’t matter one bit what piece of code sent it over.