direwolf20 6 hours ago

Remote attestation is literally a form of DRM

microtonal 5 hours ago | parent | next [-]

There are genuine positive applications for remote attestation. E.g., if you maintain a set of servers, you can verify that it runs the software it should be running (the software is not compromised). Or if you are running something similar to Apple's Private Compute Cloud to run models, users can verify that it is running the privacy-preserving image that it is claiming to be running.

There are also bad forms of remote attestation (like Google's variant that helps them let banks block you if you are running an alt-os). Those suck and should be rejected.

Edit: bri3d described what I mean better here: https://news.ycombinator.com/item?id=46785123

direwolf20 5 hours ago | parent [-]

I agree that DRM feels good when you're the one controlling it.

youarentrightjr 4 hours ago | parent | prev [-]

> Remote attestation is literally a form of DRM

Let's say I accept this statement.

What makes you think trusted boot == remote attestation?

direwolf20 2 hours ago | parent [-]

Trusted boot is literally a form of DRM. A different one than remote attestation.

youarentrightjr 2 hours ago | parent [-]

> Trusted boot is literally a form of DRM. A different one than remote attestation.

No, it's not. (And for that matter, neither is remote attestation)

You're conflating the technology with the use.

I believe that you have only thought about these technologies as they pertain to DRM; now I'm here to tell you there are other valid use cases.

Or maybe your definition of "DRM" is so broad that it includes me setting up my own trusted boot chain on my own hardware? I don't really think that's a productive definition.

yencabulator 34 minutes ago | parent [-]

It's possible to not implement remote attestation even when you implement secure boot.

This company is explicitly all about implementing remote attestation (which is a form of DRM):

https://amutable.com/events

> Remote Attestation of Immutable Operating Systems built on systemd

> Lennart Poettering

youarentrightjr a minute ago | parent [-]

> This company is explicitly all about implementing remote attestation (which is a form of DRM):

Is there a HN full moon out?

Again, this is wrong.

DRM is a policy.

Remote attestation is a technology.

You can use remote attestation to implement DRM.

You can also use remote attestation to implement other things.
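The fleet use case raised earlier in the thread (checking that a server runs the software it should), as an added example that is not from any commenter or project mentioned here. It keeps evidence verification separate from the allowlist a verifier chooses. Assumptions: HMAC with a shared key stands in for a hardware attestation key's signature, and all names and boot-chain contents are constructed.

```python
import hashlib, hmac, os

def measure(boot_chain):
    """TPM-style extend chain: pcr = H(pcr || H(component)), order-sensitive."""
    pcr = bytes(32)
    for component in boot_chain:
        pcr = hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()
    return pcr

def _tag(key, nonce, pcr):
    # Assumption: HMAC stands in for a hardware attestation key's signature.
    return hmac.new(key, nonce + pcr, hashlib.sha256).digest()

def quote(key, nonce, pcr):
    return {"nonce": nonce, "pcr": pcr, "tag": _tag(key, nonce, pcr)}

def appraise(key, evidence, expected_nonce, allowed_pcrs):
    # Mechanism: is the evidence authentic and fresh?
    if not hmac.compare_digest(_tag(key, evidence["nonce"], evidence["pcr"]), evidence["tag"]):
        return "invalid-evidence"
    if not hmac.compare_digest(evidence["nonce"], expected_nonce):
        return "stale-evidence"
    # Policy: which measurements does this verifier accept?
    return "trusted" if evidence["pcr"] in allowed_pcrs else "unexpected-software"

# Constructed sample boot chains (not real images).
GOOD = [b"bootloader-1.0", b"kernel-6.1", b"rootfs-A"]
MODIFIED = [b"bootloader-1.0", b"kernel-6.1-custom", b"rootfs-A"]

def demo():
    key, nonce = os.urandom(32), os.urandom(16)
    good, modified = quote(key, nonce, measure(GOOD)), quote(key, nonce, measure(MODIFIED))
    forged = dict(modified, pcr=measure(GOOD))      # claims GOOD without a matching tag
    strict = {measure(GOOD)}                        # one approved image
    owner = {measure(GOOD), measure(MODIFIED)}      # owner also approves own build
    return {
        "good/strict": appraise(key, good, nonce, strict),
        "modified/strict": appraise(key, modified, nonce, strict),
        "modified/owner": appraise(key, modified, nonce, owner),
        "forged": appraise(key, forged, nonce, strict),
        "replayed": appraise(key, good, os.urandom(16), strict),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

The same evidence for the modified chain gets a different verdict under each allowlist, while forged and replayed evidence fail before any allowlist is consulted.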