[Cryptography] On the deployment of client-side certs
thierry.moreau at connotech.com
Thu Nov 17 16:11:07 EST 2016
On 17/11/16 11:34 AM, Jerry Leichter wrote:
> [...] to solve the problem addressed by "Hardware security inside the phone's chip even while the surrounding device is general-purpose and has all kinds of downloadable software.
OK, this is a reasonable problem statement. However ...
> If designed and implemented properly, this is clearly the best way to gain both security and usability."
My bet is that is is impossible to come up with a sound API design
(between the secure chip and the hostile general-purpose digital
computing environment). Basically, if the secure chip provides a service
to a legitimate application and refrain from doing so for something
else, the secure chip needs another secure scheme for deciding which
application is legitimate.
- Thierry Moreau
More information about the cryptography