Wrapping up 2022
Posted Apr 3, 2023 12:02 UTC (Mon) by rqosa (subscriber, #24136)
In reply to: Wrapping up 2022 by gioele
Parent article: Wrapping up 2022
That reinforces my point that it's important for a non-negligible portion of the general public to care about being able to obtain and use general-purpose computers.
> https://blog.cloudflare.com/private-attestation-token-dev...
This kind of "device's security posture" attestation is already in use within some corporate/governmental internal networks, but I'm not aware of any websites/services intended for use by the general public that require that yet.
And, if/when lots of public-facing services on the Internet that are usable from desktop PCs do begin requiring this, then it will be time once again to slap Microsoft with an antitrust complaint, as happened in 2013 and is probably the reason why Microsoft hasn't yet been able to get away with requiring Secure Boot on desktops (but has gotten away with doing that on smartphones/mobile-devices, where their market share isn't large). The same thing should happen to Apple and/or Google if "device posture" attestation starts to be used to do anything like preventing smartphones with the "Install unknown apps" setting enabled from accessing lots of public-facing services on the Internet.
> https://blog.cloudflare.com/introducing-cryptographic-att...
Roaming authenticators can do that without a TPM, can't they? Also, there are ways to use platform authenticators for attestation-of-personhood without needing to cryptographically lock down the entire client-side software stack; for example, there already exist some web applications (particularly ones meant for use within an organization's internal network, once again) that can be used from a PC's web browser — or, alternately, non-browser-based services that support SSO using OpenID Connect — but also use a smartphone app (which in turn relies on the smartphone's platform authenticator, and likely requires the user to authenticate themself using biometrics or a device PIN) to do 2FA.
