[Cryptography] USB 3.0 authentication

Jerry Leichter leichter at lrw.com
Fri Apr 29 21:02:24 EDT 2016


> This spec is the first part. It's addressing the authenticity of PD (power
> delivery) devices by checking that they have been provisioned with certs
> under a root controlled by the certification body. These devices may not
> have USB data capability....

How do you protect the embedded cert against physical attacks?  These are pretty low-end devices - I don't see it being possible to have really high-grade protection.  And the guys who want to build fake devices will have access to chip-level debugging stuff.

It only takes one weak implementation to expose a certificate and the whole system collapses.  I'm guessing the fallback is legal protection.  But if you really think that's a useable fallback, you can just use the law from the get-go:  Valid devices deliver some particular piece of copyrightable text, along with a trademarked image just for good measure.

                                                        -- Jerry
