[Cryptography] eliminating manufacturer's ability to backdoor users

Tom Mitchell mitch at niftyegg.com
Mon Feb 22 22:18:45 EST 2016


On Mon, Feb 22, 2016 at 4:33 PM, Tony Arcieri <bascule at gmail.com> wrote:

> On Mon, Feb 22, 2016 at 3:58 PM, Jerry Leichter <leichter at lrw.com> wrote:
>
>> But for stuff actually being sold?  Legislation may not prevent you from
>> building this it, but it sure will prevent you from gaining much of a
>> market, or making any money.
>>
>
> Counterpoint: the iPhone
>

One challenge critical to Apple, Google and Samsung is to build a device
and network sufficiently secure to establish a low risk payment platform.
The future cash cow for makers of all phones of all classes is point of
sale payment.

One flaw in most encryption tools is key management.  I might have a 4k
bit key for ssh but the local private file is protected with a lesser
pass phrase.  Apple attempted to defend a simple key pad code with an
erase and halt feature with the cloud as a backup.  Failing a backup for
weeks seems to be a flaw....  Apple could hobble a phone that fails to
back up and move data to the insecure cloud.  Would that make the DOJ
happy?

The problem of financial transactions intertwines with the problem of
secure communications.  I do not see how a transfer of $4.50 is vastly
different technically than $4.5 million +....  Globally there are
thousands of banks....  Source, destination, what;  all need protections.
Other social interactions are kin.

So a question is what allows secure financial transactions on a global
scale.  The bank's servers must have very very strong methods and tools
to protect billions.  Nations have skin in the game.  Failure of banks to
be secure risks Trillions for nations (trust in their financial
institutions).  Nations should demand more rather than less.

A central key ring like Apple's is another fulcrum or chink.

chroot with links allows a silent outside in attack from the main root
system.  The outside in compromise would be invisible to the application
in the chroot jail.  Removing links demands more storage and capability
based systems might make chroot more durable.

Virtual machines are turtles all the way down.

Deletion:  simple deletion seems to be part of the problem.  Will
deletions be mandated to fail until a remote copy is logged?

Tamper evident seems a valuable feature.

Challenging....

-- 
  T o m    M i t c h e l l
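
Added example, not part of the original message: an audit for the
chroot point above, reading "links" as hard links (an assumption). It
flags regular files in a jail whose inode also has a name outside the
jail, so a write made from the host tree shows up inside the jail; the
directory layout and file names are constructed for the demo.

```python
import os
import stat
import tempfile


def externally_linked(jail_root):
    """Return jail-relative paths of regular files whose inode also has
    a name outside jail_root (link count exceeds names found inside)."""
    seen = {}  # (device, inode) -> (st_nlink, [paths inside the jail])
    for dirpath, _dirs, files in os.walk(jail_root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks and special files are out of scope here
            entry = seen.setdefault((st.st_dev, st.st_ino), (st.st_nlink, []))
            entry[1].append(os.path.relpath(path, jail_root))
    shared = []
    for nlink, paths in seen.values():
        if nlink > len(paths):  # at least one name lives outside the jail
            shared.extend(paths)
    return sorted(shared)


def demo():
    """Build a constructed host/jail layout and audit it."""
    with tempfile.TemporaryDirectory() as top:
        host, jail = os.path.join(top, "host"), os.path.join(top, "jail")
        for d in (host, os.path.join(jail, "lib"), os.path.join(jail, "bin")):
            os.makedirs(d)
        host_lib = os.path.join(host, "libdemo.so")
        jail_lib = os.path.join(jail, "lib", "libdemo.so")
        with open(host_lib, "w") as f:
            f.write("v1")
        os.link(host_lib, jail_lib)  # one inode, named in host and jail
        tool = os.path.join(jail, "bin", "tool")
        with open(tool, "w") as f:
            f.write("private copy")
        os.link(tool, os.path.join(jail, "bin", "tool-alias"))  # both inside
        with open(host_lib, "a") as f:  # host-side write to the shared inode
            f.write("+changed-from-host")
        with open(jail_lib) as f:
            jail_view = f.read()
        return externally_linked(jail), jail_view


if __name__ == "__main__":
    flagged, view = demo()
    print("hard-linked to outside the jail:", flagged)
    print("jail sees:", view)
```

Files hard-linked only within the jail (tool and tool-alias) are not
flagged, because every name of that inode is inside the audited tree.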