- From: Timothy Holborn <timothy.holborn@gmail.com>
- Date: Thu, 25 Feb 2016 07:12:38 +0000
- To: David Booth <david@dbooth.org>, public-credentials@w3.org
- Message-ID: <CAM1Sok14xuFB4Pp3qMZEcXOLu+fjcAQcj-zAYWgt43ASwXskTg@mail.gmail.com>
The critical question I had in mind was whether a comprehensive use-case existed for credentials to provide accountable privileged access to devices / operating systems made inoperable, where no other existing technology is able to perform a similar, accountable solution.

If each agent in the trust chain were enabled with credentials inclusive of access records, et al. that may be provided comprehensively to parties involved with a court order, including defence lawyers, et al., then I do not see how the merits of the claims being made today are similar to any such claims made if credentials were not available.

Therein, is this a political debate, a scientific debate or one that relates to the way in which we make choices about who to trust and why...?

tim.h.

On Thu, 25 Feb 2016 3:21 AM David Booth <david@dbooth.org> wrote:

> On 02/24/2016 10:21 AM, Timothy Holborn wrote:
> > Without considering the technical concept explicitly described as
> > 'backdoor', is the following a true statement?
> >
> > "“It would be great if we could make a backdoor that only the FBI could
> > walk through,” says Nate Cardozo, an attorney with the Electronic
> > Frontier Foundation. “But that doesn’t exist. And literally every single
> > mathematician, cryptographer, and computer scientist who’s looked at it
> > has agreed.”
> >
> > Source: http://www.wired.com/2016/02/apple-fbi-privacy-security/
>
> Since I am not a security expert I won't comment on that question.
>
> But as a side note, it seems to me that Apple could make a simple
> change to iOS to make it *impossible* for them to do what the FBI is
> asking them to do, even if the court orders them to comply.
>
> If I have understood correctly, the FBI wants Apple to push to the phone
> a new version of iOS that would disable the
> delete-all-data-after-10-failed-unlock-attempts feature, thereby
> enabling the FBI to use a brute force attack to unlock the phone. But
> if Apple updated iOS to require a phone to be *already* unlocked in
> order to install iOS updates, then it would be impossible for Apple to
> do that.
>
> In fact, if Apple is currently able to disable the
> delete-all-data-after-10-failed-unlock-attempts feature by pushing an
> iOS update to a locked phone then it seems to me that that is a
> significant security hole already, which really should be patched.
>
> Do others agree, or have I misunderstood something?
>
> David Booth
>
>
Received on Thursday, 25 February 2016 07:13:17 UTC