[Cryptography] On the deployment of client-side certs
Ray Dillinger
bear at sonic.net
Thu Nov 17 11:37:00 EST 2016
On 11/16/2016 10:30 AM, Jerry Leichter wrote:
>Note that Apple is trying for the best of both worlds: Hardware security inside the phone's chip even while the surrounding device is general-purpose and has all kinds of downloadable software. If designed and implemented properly, this is clearly the best way to gain both security and usability. No comment on how successful Apple is at such proper design and implementation - though I don't see anyone else trying.
It remains to be seen whether they will bite the bullet and fully
divorce the hardware for security from the hardware that actually runs
their OS.
I REALLY doubt that they will give the security hardware its own I/O on
the first iteration though; they really hate to put visible external
bits and bobs on their hardware. And as long as they don't, it'll be
possible for something running on the OS to pretend to be the
security-hardware interface, making all their efforts at separation
meaningless.
They're more likely not to fix that until after the first few exploits
come in, and maybe not even then.
At an absolute minimum, there needs to be an externally-visible LED or
something that isn't even connected to the hardware that runs the OS.
The user should be assured that she is interfacing with the security
hardware if and ONLY if the light is on.
Bear
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20161117/8e5bab0a/attachment.sig>
More information about the cryptography
mailing list