[Cryptography] What if DoJ breaks Apple's chain-of-trust?

Henry Baker hbaker1 at pipeline.com
Thu Mar 10 20:31:39 EST 2016


We're now seeing develop in real time the
nightmare that the current Certificate
Authority chain-of-trust has become.  "A chain
is as strong as its weakest link", and we now
know where that weakest link resides: in an HSM
safe somewhere in Appleland, and that single
link seems to be vulnerable to XKCD's $5 wrench
attack.

Apple's simply not in a position to follow
Lavabit down the gang plank to oblivion, so
there is some possibility it will have to lean
over & pick up the soap.

If a chain can be broken at a single point of
failure, then we obviously need something more
robust -- analogous to fiberglass or carbon
fiber rope, where the rope holds if some % of
the fibers less than some critical threshold
are the only ones that are broken.

But such a system vastly complicates the
already complex task of getting a trustworthy
firmware update.  The firmware updater now
has to check for *certificate revocation* ?

Each chip may require some sort of internal
clock (which needs to be able to run years
w/o power -- probably doable with today's
chip technology) in order to not be fooled
into accepting no-longer-valid certificates.



More information about the cryptography mailing list