[Cryptography] Apple 3rd Party dilemma

grarpamp grarpamp at gmail.com
Sun Feb 21 02:35:45 EST 2016


On 2/20/16, Henry Baker <hbaker1 at pipeline.com> wrote:
> At 11:48 AM 2/20/2016, Viktor Dukhovni wrote:
>>On Sat, Feb 20, 2016 at 02:01:10PM -0500, Phillip Hallam-Baker wrote:
>>> On Fri, Feb 19, 2016 at 5:19 PM, Henry Baker <hbaker1 at pipeline.com>
>>> wrote:
>>> > Apple got themselves into this mess, because Apple wants to control the
>>> > customer's phone.
>>>
>>> +1
>>>
>>> Yes, that is my belief as well.
>>>
>>> Apple set itself up not just as a 3rd party but as an essential,
>>> non-replaceable third party. There is no choice but to trust Apple for
>>> the iPhone security.
>>>
>>> It didn't have to be that way. There could be the option of installing
>>> your own root of trust into the hardware.
>>
>>Except that, in that case, most of the "your own root" installations would
>> be some attacker's "own root" installations.
>>
>>In practice, curated security works better for the vast majority of users.
>>
>>The vast botnets of Legacy Windows installations are compelling evidence
>> that expecting the average user to secure a general-purpose computing
>> platform is unreasonable.
>>
>>You pay a premium price for Apple to take care of the details.
>
> The *money* price isn't the major problem; the problem is the *3rd party
> doctrine,* which gives the NSA/FBI/DHS/DOJ easy/trivial access to your
> "cloud" data.  Look at how easy FBI/DOJ obtained the cloud backups of
> Farook's iPhone.
>
> The only solution is to store only fully encrypted data in the cloud; but if
> you lose your iPhone or the key, it's gone.
>
> It's also gone if you (or the govt) goes beyond 10 guesses; so the govt has
> an easy DoS attack on your data: have the TSA screw with your phone every
> time you cross the border.
>
> Hey, hey, you (govt), you (govt), get off of My Cloud!


Even the laborer these days knows some concept of backups and
security, regardless if they have any clue or motivation to do it.
There's zero reason now why hardware makers cannot include a binary
option:

a) i'm stupid, for now just show me knowledge about secure mode
b) ok, instantiate non-nanny-state secure mode

or

a) your device ships in secure mode
b) do you want to be nannied

Any maker that gratuitously retains control for whatever purpose
and does not provide this does not believe in empowerment, and is
thus shameful.

