You would need to create yet another version of HTTP to handle that…
We’re going down the rabbit hole, but I’ll play along:
I don’t think we’d need a “new HTTP” version to support this. It could all be done with HTTP headers.
Disclaimer: I’m spitballing here, there are probably more efficient ways to do this.
Anyway, when you go to your bank, included in your bank’s response header would be a “challenge” (a blob of data in an X-Age-ThinkOfTheChildren-Request header).
Your browser would pick this up and generate a “response” and send this as part of all future requests to your bank, like an HTTP cookie (X-Age-ThinkOfTheChildren-Response).
The “response” was created using the bank’s challenge plus the unique age certificate stored on your PC (in your TPM module), which was generated (and “officially digitally signed”) during your initial “age registration process”.
The bank looks at the response, verifies that it was probably signed by the “official age verification organization” (simply using the same technology used to verify SSL certs are valid).
Of course, this entire process depends on a “chain of trust”. The bank needs to trust that you didn’t hack your browser to forward these challenges to another PC. However, this is realistic. As part of the initial age verification process, you can only use “trusted vendors” (i.e. Red Hat, Ubuntu) - this means they are required to prevent you from installing “hacked” apps. This could be in the form of preventing certain browser plug-ins and only allowing distro-provided versions of your web browser.
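The challenge/response flow sketched in this comment, as an added example that is not part of the thread: the organization signs a device key at registration, the bank issues a nonce, the browser signs that nonce bound to the bank's origin, and the bank checks both signatures. Header names come from the comment; the certificate format, the `age-cert-v1`/`age-resp-v1` prefixes and the use of Ed25519 are assumptions, and the device key is an in-memory key rather than a TPM-resident one.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
)

// AgeCert stands in for the "officially digitally signed" age certificate created at registration:
// the organization's signature over the device public key (constructed format, not a real standard).
type AgeCert struct {
	DevicePub ed25519.PublicKey
	OrgSig    []byte
}

// Response is the X-Age-ThinkOfTheChildren-Response payload: the cert plus a device signature over
// origin||challenge, so a response minted for one site cannot be replayed to another.
type Response struct {
	Cert AgeCert
	Sig  []byte
}

func certBody(pub ed25519.PublicKey) []byte { return append([]byte("age-cert-v1:"), pub...) }
func respBody(origin string, ch []byte) []byte { return append([]byte("age-resp-v1:"+origin+":"), ch...) }

// IssueCert is the registration step: the age-verification organization signs the device key.
func IssueCert(orgPriv ed25519.PrivateKey, devicePub ed25519.PublicKey) AgeCert {
	return AgeCert{devicePub, ed25519.Sign(orgPriv, certBody(devicePub))}
}

// NewChallenge is the bank side of X-Age-ThinkOfTheChildren-Request: a fresh random nonce per session.
func NewChallenge() []byte { c := make([]byte, 32); _, _ = rand.Read(c); return c }

// Answer is the browser side. In the thread's design the device key lives in the TPM; here it is a
// plain in-memory key, which is exactly the gap the chain-of-trust discussion above is about.
func Answer(devPriv ed25519.PrivateKey, cert AgeCert, origin string, ch []byte) Response {
	return Response{cert, ed25519.Sign(devPriv, respBody(origin, ch))}
}

// Verify is the bank side: the cert must carry the organization's signature, and the response must
// be the certified key's signature over exactly the challenge this origin issued (key length is
// checked first because ed25519.Verify panics on a malformed public key).
func Verify(orgPub ed25519.PublicKey, origin string, ch []byte, r Response) error {
	if len(r.Cert.DevicePub) != ed25519.PublicKeySize || !ed25519.Verify(orgPub, certBody(r.Cert.DevicePub), r.Cert.OrgSig) {
		return errors.New("certificate not signed by the age-verification organization")
	}
	if !ed25519.Verify(r.Cert.DevicePub, respBody(origin, ch), r.Sig) {
		return errors.New("response does not match this origin's challenge")
	}
	return nil
}
```

Note that a valid signature only proves the certified key signed this nonce, not which machine holds that key, which is why the comment leans on vendor-enforced browser and OS integrity.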
Banks are the slowest companies to handle that kind of modification.
True, but this also depends on the bank. Fintech banks like Revolut were the first ones to start blocking access to phones that are rooted or running custom firmware (… because they care about security /s)
Most of the effort to implement this will be at the OS and browser level, but this would be a universal solution. Meaning, it would be trivial for your bank, email service or porn site to support it as it’s simply generating a challenge and verifying the response.
With microslop forcing TPM 2.0 as a hardware requirement into Windows 11, all the pieces are in place to pull this off - it just needs the software and the legal requirement.