[Cryptography] On the deployment of client-side certs

Thierry Moreau thierry.moreau at connotech.com
Thu Nov 17 16:11:07 EST 2016


On 17/11/16 11:34 AM, Jerry Leichter wrote:
> [...] to solve the problem addressed by "Hardware security inside the phone's chip even while the surrounding device is general-purpose and has all kinds of downloadable software.

OK, this is a reasonable problem statement. However ...

> If designed and implemented properly, this is clearly the best way to gain both security and usability."

My bet is that it is impossible to come up with a sound API design 
(between the secure chip and the hostile general-purpose digital 
computing environment). Basically, if the secure chip provides a service 
to a legitimate application and refrains from doing so for something 
else, the secure chip needs another secure scheme for deciding which 
application is legitimate.

- Thierry Moreau


