[Cryptography] On the deployment of client-side certs

Jerry Leichter leichter at lrw.com
Thu Nov 17 06:34:05 EST 2016

>> No comment on how successful Apple is at such proper design and implementation - though I don't see anyone else trying.
> Really? Or do you mean "I don't see anyone else *the size of Apple* trying"?
> https://cryptech.is for a start, there are others.
That's, by design, a low-level hardware cryptographic engine.  "It will focus on the classic low level cryptographic functions and primitives, and not get drawn into re-implementation of application protocol layers."  It's an HSM.  Nice to have in open source form, but by intent hardly an innovation.

No, I don't see it even trying to solve the problem addressed by "Hardware security inside the phone's chip even while the surrounding device is general-purpose and has all kinds of downloadable software.  If designed and implemented properly, this is clearly the best way to gain both security and usability."

                                                        -- Jerry

More information about the cryptography mailing list