[Cryptography] On the deployment of client-side certs
leichter at lrw.com
Thu Nov 17 06:34:05 EST 2016
>> No comment on how successful Apple is at such proper design and implementation - though I don't see anyone else trying.
> Really? Or do you mean "I don't see anyone else *the size of Apple* trying"?
> https://cryptech.is for a start, there are others.
That's, by design, a low-level hardware cryptographic engine. "It will focus on the classic low level cryptographic functions and primitives, and not get drawn into re-implementation of application protocol layers." It's an HSM. Nice to have in open source form, but by intent hardly an innovation.
No, I don't see it even trying to solve the problem addressed by "Hardware security inside the phone's chip even while the surrounding device is general-purpose and has all kinds of downloadable software. If designed and implemented properly, this is clearly the best way to gain both security and usability."
More information about the cryptography