[Cryptography] Apple 3rd Party dilemma
Viktor Dukhovni
cryptography at dukhovni.org
Sat Feb 20 14:48:17 EST 2016
On Sat, Feb 20, 2016 at 02:01:10PM -0500, Phillip Hallam-Baker wrote:
> On Fri, Feb 19, 2016 at 5:19 PM, Henry Baker <hbaker1 at pipeline.com> wrote:
> > Apple got themselves into this mess, because Apple wants to control the customer's phone.
>
> +1
>
> Yes, that is my belief as well.
>
> Apple set itself up not just as a 3rd party but as an essential,
> non-replaceable third party. There is no choice but to trust Apple for
> the iPhone security.
>
> It didn't have to be that way. There could be the option of installing
> your own root of trust into the hardware.
Except that, in that case, most of the "your own root" installations
would be some attacker's "own root" installations. In practice,
curated security works better for the vast majority of users.
The vast botnets of Legacy Windows installations are compelling
evidence that expecting the average user to secure a general-purpose
computing platform is unreasonable. You pay a premium price for
Apple to take care of the details.
--
Viktor.
More information about the cryptography
mailing list