Fix major API design/security flaw: Denial of service on large quantity of users #34
No reviewers
Labels
No Label
bug
documentation
duplicate
enhancement
good first issue
help wanted
invalid
looking for feedback
question
task
wontfix
No Milestone
No project
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: inhji/Web-Environment-Integrity#34
Loading…
Reference in New Issue
No description provided.
Delete Branch "20kdc/main"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
The API's existence introduces a long-term denial-of-service attack against large classes of users, including but not limited to large classes of marginalized users.
Users who are running outdated devices will, over time, find themselves effectively "removed from the internet" where this API is applied.
We have seen similar effects on a smaller scale with the advent of Intel Secure Enclave hardware being required to view EME-protected content on certain media websites. However, those effects are limited to media, and particularly services willing to operate on that basis.
Such an API becoming available for general use in all contexts guarantees the effects becoming magnified across many types of content.
Marginalized users running outdated hardware will be affected.
Not to mention people who are simply trying to get more performance out of up to date, but weak hardware, in ways which cause the attestation to fail (Don't think I don't know where you got the term "Attestation" from. It's obviously going to involve Secure Enclave or equally overbearing system examination, particularly for the anticheat usecase).
Using Linux? No attestation; The kernel can't be trusted, after all.
Using Windows with drivers that don't fit the requirements? No attestation.
No TPM? No attestation.
No Secure Enclave? No attestation.
And so on.
This is a logical guarantee short of magical divine intervention, which as I hope you know, won't happen.
The only fix is deletion.
I think a more detailed explanation on why this idea is a well-written declaration of war towards the open internet would be useful.
I'm not good at war speeches. Write your own. But I do have this:
Let's define these entities:
The reason the Attestation Conditions are defined the way they are is because they are the requirements of the stated goals of the specification (for example, the anticheat part).
The definition of an open web, at a minimum (there are other hypothetical ways a browser could be built, but I would prefer not to make a mistake here), requires that, assuming:
The following must be possible:
The web should be considered, these days, as a big interpreter, or emulator.
This is important because it makes the definition of independence in regards to software a little weird due to JavaScript, but if you understand it as an emulator, it's simple.
If there are elements which inherently can't be emulated (by, for example, assistive technologies), then the web isn't open, because the reason you can't emulate those elements must be because those elements cannot be substituted by the user, implying the user couldn't independently replicate them, implying the above requirements are violated.
It is also worth noting that "Servers do not have to use this specification" does not mean anything if Servers do widely use this specification.
Giving someone else the choice to destroy the open web, framed in the cushioning blankets of security, does not absolve one of essentially pushing the button oneself.
The design of this specification is that to gain access to services provided by the Server, the Browser must do one of:
In all of these cases, an assumption above is broken. It is therefore clear that this specification violates the definition of an open web.
Can the internet stop self-destructing for TWO MINUTES
@Leo40Git ostensibly not.
Of course, the creators of this are affiliated with Google;
I'm sure you can work out the implications of that yourself.
Step 1:
From your project repository, check out a new branch and test the changes.Step 2:
Merge the changes and update on Forgejo.