Attestation really, really worries me. I get it if you're working on nuclear secrets or high-end three-letter-agency stuff, but honestly the roll out to consumer services through things like this and Google's SafetyNet really, really makes me fear for the future of open computing. It's fundamentally a way to disconnect those who are different, with no ability to let those who are different either explain themselves or make a case to be let in. If computers were people, that would be very illegal -- at least in my countries -- as it forms the basis of what a "protected characteristic" actually is.
I'm a much bigger fan of systems that act either on information about threats or, again like with humans, perceived intent. Zero-trust architectures and certificate based authentication all of the same benefits, with none of the same costs.
I'm a much bigger fan of systems that act either on information about threats or, again like with humans, perceived intent. Zero-trust architectures and certificate based authentication all of the same benefits, with none of the same costs.