On Mon, 9 Sep 2019, Mimi Zohar wrote:

> The remote attestation server could gate any service based on the
> certificate signer.  The first gated service, based on this feature,
> will probably be network access (eg. TNC).  If/when this feature is
> upstreamed, every company, including financial institutes,
> organizations, and governments will become THE certificate signer for
> their organization, in order to limit access to their network and
> systems.

This is already happening at scale, and a primary use-case for the 
patchset.

> Once that happens, how long will it be until the same
> feature will be abused and used to limit the individual's ability to
> pick and choose which applications may run on their systems.[1]

Isn't this already happening (in a non-abusive way) with mobile devices?

> Mimi
> 
> [1] Refer to Richard Stallman's last paragraph https://www.gnu.org/phi
> losophy/can-you-trust.en.html

Please consider if you really want to be endorsing this individual.


-- 
James Morris
<jmorris@namei.org>