Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://mastodon.gamedev.place/users/lunarood/statuses/114337215803900867">Luna R (lunarood@mastodon.gamedev.place)'s status on Tuesday, 15-Apr-2025 01:26:26 JST</a><a href="https://mastodon.gamedev.place/@lunarood" title="lunarood@mastodon.gamedev.place"><img src="https://gnusocial.jp/avatar/231850-48-20241107091700.webp" width="48" height="48" alt="Luna R" style="position: absolute; left: 0; top: 0;">Luna R</a><div><a href="https://infosec.exchange/@ryanc/114336950991082030" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/333430" title="bo0tzz@fosstodon.org">bo0tzz</a></li></ul></div></section><article><p><a href="https://infosec.exchange/@ryanc">@ryanc</a> <a href="https://fosstodon.org/@bo0tzz">@bo0tzz</a> Do you mean stuff like zkSENSE or Cloudflare CAP?</p><p>The former explicitly leaves data authenticity outside the threat model, making it pretty much entirely useless, as you pointed out (it's not even a secret... the paper says as much).</p><p>The latter seems to rely on hardware authentication.</p><p>Though I didn't look into the details much, because tbh I'm not particularly interested in these approaches, as they are either entirely useless or tied to specific trusted OEMs.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/4892884#notice-9586749">In conversation</a><time datetime="2025-04-15T01:26:26+09:00" title="Tuesday, 15-Apr-2025 01:26:26 JST">about a month ago</time> <span>from <span><a href="https://gnusocial.jp/notice/9586749" rel="external" title="Sent from gnusocial.jp via ActivityPub">gnusocial.jp</a></span></span><a href="https://gnusocial.jp/notice/9586749">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
Luna R (lunarood@mastodon.gamedev.place)'s status on Tuesday, 15-Apr-2025 01:26:26 JSTLuna R
in reply to
- Ryan Castellucci :nonbinary_flag:
- bo0tzz
@ryanc @bo0tzz Do you mean stuff like zkSENSE or Cloudflare CAP?
The former explicitly leaves data authenticity outside the threat model, making it pretty much entirely useless, as you pointed out (it's not even a secret... the paper says as much).
The latter seems to rely on hardware authentication.
Though I didn't look into the details much, because tbh I'm not particularly interested in these approaches, as they are either entirely useless or tied to specific trusted OEMs.
In conversationabout a month ago from gnusocial.jppermalink

Public

Embed Notice

HTML Code

Corresponding Notice