Anyone looked at Device Bound Session Credentials and figured out how they ensure you are actually dealing with a device bound key?
As long as there isn't any pre-established trust to some hierarchy then I assume you can just fake the key creation?
#TPM #DBSC #Security
Morten Linderud /
npub1wv…9y89f
2024-08-28 11:48:05
Author Public Key
npub1wvthm9yvfzly58n3z8hlcjymnly0cfpsyzkl0k8kyqsq6rv3qt4qx9y89fPublished at
2024-08-28 11:48:05Event JSON
{
"id": "2a6379b1f94ffbc586a92cee3c754480adfcbe91d129bd552e85f166abac6965",
"pubkey": "73177d948c48be4a1e7111effc489b9fc8fc243020adf7d8f620200d0d9102ea",
"created_at": 1724845685,
"kind": 1,
"tags": [
[
"t",
"tpm"
],
[
"t",
"dbsc"
],
[
"t",
"security"
],
[
"proxy",
"https://chaos.social/users/Foxboron/statuses/113039486822165691",
"activitypub"
]
],
"content": "Anyone looked at Device Bound Session Credentials and figured out how they ensure you are actually dealing with a device bound key?\n\nAs long as there isn't any pre-established trust to some hierarchy then I assume you can just fake the key creation?\n\n#TPM #DBSC #Security",
"sig": "8736245eaf510d9ba4e47267f78710b895019fa677827d07155331fba9c2d151c1ecac92052b6d2cd564e39e0eee56d695ac1e03dca9c5ad32de24694311c225"
}