[Cryptography] On the deployment of client-side certs

[Ron Garret]

On Nov 17, 2016, at 1:11 PM, Thierry Moreau <thierry.moreau at connotech.com> wrote:

> On 17/11/16 11:34 AM, Jerry Leichter wrote:
>> [...] to solve the problem addressed by "Hardware security inside the phone's chip even while the surrounding device is general-purpose and has all kinds of downloadable software.
> 
> OK, this is a reasonable problem statement. However ...
> 
>> If designed and implemented properly, this is clearly the best way to gain both security and usability."
> 
> My bet is that is is impossible to come up with a sound API design (between the secure chip and the hostile general-purpose digital computing environment). Basically, if the secure chip provides a service to a legitimate application and refrain from doing so for something else, the secure chip needs another secure scheme for deciding which application is legitimate.

It’s probably a theorem: if someone pwns your machine they can (by definition) do anything you can do.  Therefore, if you can access the “secure” chip then so can an attacker.

This is why secure hardware needs its own dedicated I/O.

rg