You agreed that your employer should be able to check that the devices you use to connect to its network are not rooted. You quibbled over the definition of "your device" against the HN guidelines. When you ask most people whose phone or laptop is on a table, they'll say it's theirs, not that it's Company X's device that they are using to do work for that company.
"Please respond to the strongest plausible interpretation of what someone says, not a weaker one that's easier to criticize."
> You agreed that your employer should be able to check that the devices you use to connect to its network are not rooted.
Okay, I see the issue. No, I do not agree with that. I'm saying if they want that guarantee then they can isolate the network. But if they don't isolate the network then it's all on them, they do not get to check all devices.
That's why my point is not just a quibble.
Also responding to the strongest interpretation sometimes means making that interpretation explicit, to make sure everyone is on the same page. In this case making the actual ownership clear. I'm not trying to dunk on you or whatever.
> But if they don't isolate the network then it's all on them, they do not get to check all devices.
This is a ridiculous point to think that I disagreed about. Of course they don't get to check that your TV and your washing machine have been rooted. I explicitly specified your devices connected to your employer's network. You're trying to interpret this in a way that doesn't make sense simply to find a point of disagreement where there is none.
Ha, now I feel like you're going out of your way to misinterpret me.
"the network" is the same network we've been talking about the entire conversation. Employer's network.
Obviously they can't control what I plug into a network they don't know about, I don't know why you think I was trying to argue that or how it's the strongest interpretation of my comment.
> "the network" is the same network we've been talking about the entire conversation. Employer's network.
That's the same network I'm talking about. I don't know why you think I'm referring to any other network. You are not allowed to connect untrusted devices to many employers' networks, and this works via remote attestation. They don't care if your TV is rooted as long as you don't connect it to their network, but if you do, they will want to make sure it isn't rooted.
> I don't know why you think I'm referring to any other network.
You started talking about my TV and my washing machine, so I thought you were accusing me of bringing in other networks to "find a point of disagreement".
Now I'm just confused why you brought up the idea of attaching them to my employer's network.
> You are not allowed to connect untrusted devices to many employers' networks, and this works via remote attestation. They don't care if your TV is rooted as long as you don't connect it to their network, but if you do, they will want to make sure it isn't rooted.
And that highlighted part is what I take issue with. They should not ask for that. Either allow my devices or ban them. They should never get to look at the attestation report for my devices (literal "my").
There's your misunderstanding. The way to allow them or ban them is via remote attestation. How else would they be able to do that? Once you understand that, you'll also understand why I brought up your washing machine.
> The way to allow them or ban them is via remote attestation. How else would they be able to do that?
The first check should be if it's their device. If the device has the correct key to show it's theirs, they could allow it right there. Or they can go further for extra security, to ask for remote attestation of their device.
If the device claims to be owned by anyone else, they should not ask for remote attestation. Why would they need it? They already have all the information they need to decide whether to allow or block. "My washing machine (unrooted)" and "claims to be my washing machine (rooted)" should be treated exactly the same by them. Allow both or ban both, depending on the purpose of the network.
And a check for rooting against my knowledge probably becomes a check for rooting at all very quickly.