[Cryptography] "Death Note" elimination for hashes
Kent Borg
kentborg at borg.org
Tue Oct 22 08:39:53 EDT 2013
On 10/21/2013 10:07 PM, James A. Donald wrote:
> If there had been a credible threat to brick them all, they would
> have been made so that they could easily and routinely be updated.
Maybe. But manufacturers like selling a whole new phone maybe more than
they like putting effort and support costs into giving away a free
upgrade. (Doing an upgrade is harder than a fresh installation, so many
possible starting points, so slow to test each, so little reward for the
job well done.)
And consumers don't necessarily think it is a benefit to have a phone
that seems to be working changed at the risk of it not working. Plus,
many of them expect to buy a new phone shortly anyway.
In the case of Android, it is Google that has a clear interest in the
health of the whole ecosystem, including secure phones. And they have
been recently struggling with improving the upgrade paths. Moving their
secret sauce from AOSP into Google Play Services gives them more control
along these lines, as it makes it more closed source.
-kb
More information about the cryptography
mailing list