Apple versus Open Fabs
On 2/19/16, Tamzen Cannoy <tamzen@cannoy.org> wrote:
http://www.macrumors.com/2016/02/19/apple-government-changed-apple-id-passwo...
" The executives said the company had been in regular discussions with the government since early January, and that it proposed four different ways to recover the information the government is interested in without building a back door. Apple sent engineers to try that method, the executives said " You don't want your secure hardware provider voluntarily "discussing" "proposing" "recovering" "sending" or "trying" anything in the "interests" of, or with, your adversary. If there was no court order for this... this is very troubling... never talk to the <adversary>, only to your client. Nor do you want your secure hardware provider to be providing you with unverifiable, therefore quite possibly, junk. You need open fabs producing open hardware. Till then the only proof you have is that some adversaries court case failed in its attack or that everyone is still standing. Neither of which are sufficiently complete proofs positive.
On 2/20/16, Phillip Hallam-Baker <phill@hallambaker.com> wrote:
On Fri, Feb 19, 2016 at 5:19 PM, Henry Baker <hbaker1@pipeline.com> wrote:
Apple got themselves into this mess, because Apple wants to control the customer's phone.
+1
Yes, that is my belief as well.
Apple set itself up not just as a 3rd party but as an essential, non-replaceable third party. There is no choice but to trust Apple for the iPhone security.
It didn't have to be that way. There could be the option of installing your own root of trust into the hardware.
Wrong, you can't install security into closed unvalidatable therefore untrusted hardware and software. Until you solve the closed problem, and then the review problem, nothing you have will ever be secure. 1.5+ BILLION closed transistors, and untold MILLIONS of lines of closed firmware and software per average PC, similar for phone, etc... up against secret and not-so-secret, partnerships and moles and private business interests and models, increasingly "global"... simply secured by installing some root, or at all? Lol.
On Sun, Feb 21, 2016 at 12:03:04AM -0500, grarpamp wrote:
On 2/19/16, Tamzen Cannoy <tamzen@cannoy.org> wrote:
http://www.macrumors.com/2016/02/19/apple-government-changed-apple-id-passwo...
" The executives said the company had been in regular discussions with the government since early January, and that it proposed four different ways to recover the information the government is interested in without building a back door.
Apple sent engineers to try that method, the executives said "
You don't want your secure hardware provider voluntarily "discussing" "proposing" "recovering" "sending" or "trying" anything in the "interests" of, or with, your adversary. If there was no court order for this... this is very troubling... never talk to the <adversary>, only to your client.
Nor do you want your secure hardware provider to be providing you with unverifiable, therefore quite possibly, junk.
You need open fabs producing open hardware.
Till then the only proof you have is that some adversaries court case failed in its attack or that everyone is still standing. Neither of which are sufficiently complete proofs positive.
This whole apple thing reeks of political spectacle. Nothing is as it seems.. Is this really about that particular phone, or is there some effort by one faction in the secret world to open the door and shed some light on the risks the law enforcement Clipper Chip 2.0 crowd is going to put on national security? Is there an FBI insider who carefully crafted the request to the judge for maximum public political impact? Or was it a judge who is fed up with one too many secret gag orders they can't discuss? And what the hell's going on with the city, who happens to own the actual hardware. Why **this** phone? It's a perfect test case to make the system explode from it's own contradictions. In an election year, no less. Can you say "market volatility?" The enemy of your enemy is sometimes worth collaborating with.. Do we have some public signals intelligence here from the non-public folks that they don't like the FBI requesting the crypto keys to the kingdom either?
participants (2)
-
grarpamp -
Troy Benjegerdes