dcrazy 3 hours ago
When designing a system for secure attestation, end-user programmability is not a feature. It would not be an advantage for your front door lock to be infinitely reprogrammable. It’s just a liability.
yjftsjthsd-h 3 hours ago
I mean, I guess attestation might have some value, but it feels like moving the goalposts. Under the threat model of a remote attacker who can compromise a normal networked computer, I can't think of an attack that would succeed with a programmable TOTP code generator that would fail if that code generator was not reprogrammable. Can you?

> It would not be an advantage for your front door lock to be infinitely reprogrammable. It’s just a liability.

Er, most door locks are infinitely reprogrammable, because being able to rekey them without having to replace the whole unit is a huge advantage and the liability/disadvantage is minimal (falling under "It rather involved being on the other side of this airtight hatchway" in an unusually almost-literal sense where you have to be inside the house in order to rekey the lock, at which point you could also do anything else).