[Cryptography] [FORGED] Re: USB 3.0 authentication: market power and DRM?
dj at deadhat.com
dj at deadhat.com
Mon May 2 13:34:01 EDT 2016
> Hi,
>
>> One genuine reason, although it's not clear that the auth achieves it,
>> is to
>> prevent problems due to cables that lie about their capabilities. The
>> typical
>> USB cable is 28 AWG, which can't carry anywhere near the power that USB
>> 3
>> power delivery is rated for [...]
>
> I agree with that problem, but it seems to me that this spec will not
> help, since it does end-to-end authentication, but you have a
> cable-in-the-middle problem. So you have to authenticate the whole chain,
> and I currently do not see any technology that could do that.
No. This is the wrong. The PD spec is adjacent point to adjacent point.
The USB data spec is end-end through hubs. This is one of the many reasons
for treating the PD part separately from the USB data part.
>
> Perhaps a slow start mechanism like TCP would be a better idea (to ramp up
> the power slowly), and to measure the temperature of the cable all the
> time.
Measurement and electrical defense is orthogonal to establishing if
quality and compliance have been attested to cryptographically. You can
still do measurement if you want to.
DJ
More information about the cryptography
mailing list