Let's make this very clear: the backbone of the open internet is the fact that any client from any vendor can access any website, as long as it implements all the open standards a given website / application depends on. This trust is the backbone of the open internet, critical for the safety of user data and for the sustainability of the website’s business.

Are you then going to authenticate all peripherals connected to the device? An automated program does not have to actually execute within this environment - it can be a device outside of the control of the client-side operating system entirely. All you can ever do is attest to the fact that the client uses software with a signature trusted by the server. Your proposal has exactly nothing to do with whether a human user is interacting with the device.

This trust may assume that the client environment is honest about certain aspects of itself, keeps user data and intellectual property secure, and is transparent about whether or not a human is using it. The only way for any service to be secure is to not trust client input blindly. Are you sure you are going to be able to maintain an up-to-date list of all the vulnerabilities of all "trusted" clients? And how are you going to mitigate all of them in time? Even with Android, a lot of known vulnerable devices are still "trusted" under SafetyNet / Play Integrity.

If something is security-critical, you should never delegate that computation to the client side and you should never blindly trust any client-side input, even if you can attest to any digital signature from the client. If the security of your web service depends on a specific client environment, your web service is designed wrong. Users often depend on websites trusting the client environment they run in. The entire premise of this proposal is completely flawed.