Comments (1)
thestinger
commented on September 25, 2024
1
The service provides you with the results of the latest verification. If it stops receiving valid attestations for the configured time period, sends an alert email. It doesn't update the data based on a failed attestation. It's assumed that a sophisticated attacker will block it from reporting so it's based around alerting you if the device starts failing to provide valid attestations.
You do not need to manually check the provided information to confirm that the device passed. That wouldn't make sense. I recommend doing a local verification as that will help you with understanding the purpose of the app.
https://attestation.app/about has further information. Your confusion seems to be that you expect that you need to check something but that's not how it works. It's checking the authenticity/integrity/identity of the device. That's the point of the app.
The information it provides to you is all in addition to the baseline of it passing the verification. That is meant for you to check to make sure that it's appropriate. It will not pass if the OS version was downgraded so you are not meant to be checking for something like that. If there was something else to check in an objective way, the app would simply do that itself.
from attestationserver.
Related Issues (20)
- use hash-source in CSP for script-src/style-src once Safari and Firefox support it for external files like Chromium (CSP v3)
- store certificate chain compressed in a single field
- New databases are not created HOT 1
- Starting server fails - DB[1] exec() near "STRICT": syntax error HOT 2
- Error: malformed database schema (Configuration) - near "STRICT": syntax error HOT 2
- Scanned invalid account QR code HOT 5
- noscript message not shown HOT 2
- Show pretty page for when nginx shows a 502 or a 405 HOT 2
- add 2fa HOT 4
- add support for the new attestation root certificate HOT 1
- add a database table with blacklisted email patterns to replace the hard-wired array in the source code
- Tutorial should explain how to use results HOT 2
- Remote Attestation: 48 hour delay verification HOT 6
- set up per-IP API rate limits via nginx configuration HOT 1
- sponge not in package.json HOT 1
- Investigate AppArmor confinement HOT 1
- Investigate SELinux confinement HOT 2
- Investigate further systemd confinement HOT 2
- When "Verified Boot Hash" changed? HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from attestationserver.