
That doesn't solve the greater issue. Let's say you bought an Intel CPU because your company requires remote attestation. Then a researcher publishes an exploit. Then Intel pushes an update that revokes keys from your model of CPU. What would you do, go happily spend $500 on a new one? Should we landfill millions of CPUs every time the mouse pulls ahead of the cat?


I disagree. This seems like fantasy. First, I don't think Intel has even done this -- "pushes an update that revokes keys from your model of CPU". If they did, there would be an enormous class action lawsuit. Remember that most CPUs are bought by large corporations, with extremely deep pockets. Even if Intel were to miraculously win the case, surely their reputation would be irreparably harmed.


If that were the case, Spectre, Meltdown and similar vulnerabilities would surely have similar class actions?


This is pretty common FWIW.

Google revokes attestation keys for Android hardware a lot, especially Widevine Level 1 keys.

Ten years into that, the public doesn't seem very exercised about it.



