Comment by charcircuit
Comment by charcircuit 5 days ago
Just because OpenSSL had a CVE posted about today, that didn't mean we should go back to using HTTP for the web.
Same with remote attestation. Not all implementations are actually secure. But hopefully over time those security bugs can be ironed out and the cost to extract a key be made infeasible.
Hopefully not. What you have just said is a synonym for "But hopefully over time manufacturers will be able to completely prevent users from running unapproved software."
In the case of video game consoles that could be the case. It turned out that being able to run unapproved software results mainly in people playing pirated games. These security measures are reactive to the actions other people have taken. We already experimented with computing being the wild west where there was little to no security. It turned out that bad actors will abuse anything they can find. Even if it's not economical some attackers will still cause abuse.
There's always going to be a market for computers that can run unapproved software. I don't see that going away.
It does mean we should recognize that SSL is nice for some basic privacy/security, but not perfect security.