You make a valid point, but I still don’t see why attestation is necessary. In a corporate setting, sure, it’s probably important to remotely verify that the OS is still untampered–except, oh wait, you can do that with the FOSS, opt in, privacy respecting, auditor app. If you install it via MDM you can install, set up, and then block the app so the user doesn’t do something dumb.
As for my bank and other such companies, from a legal standpoint I’m already liable if my device is compromised. In almost every Terms and Conditions, it will include a clause that they cannot guarantee your device, or any device you use to access their service, is free from malicious software, and thus it is up to you to keep your account secure.
If you can tell me an actual use case for attestation that isn’t purely for discrimination, I’m all ears. But if you want to tell me I should be in support of something because it’s better than the other thing, all the while ignoring the fact that it has no need to exist in the first place, I’m certainly not going to be swayed to agree with you.
You make a valid point, but I still don’t see why attestation is necessary. In a corporate setting, sure, it’s probably important to remotely verify that the OS is still untampered–except, oh wait, you can do that with the FOSS, opt in, privacy respecting, auditor app. If you install it via MDM you can install, set up, and then block the app so the user doesn’t do something dumb.
As for my bank and other such companies, from a legal standpoint I’m already liable if my device is compromised. In almost every Terms and Conditions, it will include a clause that they cannot guarantee your device, or any device you use to access their service, is free from malicious software, and thus it is up to you to keep your account secure.
If banks were really serious about security, more of them would offer yubikey support. None of mine do, unless they just brought it online.
I see you have made up your mind and nothing said will change it. 🙄
If you can tell me an actual use case for attestation that isn’t purely for discrimination, I’m all ears. But if you want to tell me I should be in support of something because it’s better than the other thing, all the while ignoring the fact that it has no need to exist in the first place, I’m certainly not going to be swayed to agree with you.