[Cryptography] On the deployment of client-side certs
leichter at lrw.com
Wed Nov 16 13:30:00 EST 2016
> Clearly a dedicated hardware token (or something like the new Apple T1 chip + Touch Bar) has better security properties than a smartphone which is running user-installable software....
Note that Apple is trying for the best of both worlds: Hardware security inside the phone's chip even while the surrounding device is general-purpose and has all kinds of downloadable software. If designed and implemented properly, this is clearly the best way to gain both security and usability. No comment on how successful Apple is at such proper design and implementation - though I don't see anyone else trying. (The advantage of controlling both hardware and OS....)
More information about the cryptography