- From: Colin Gallagher <colingallagher.rpcv@gmail.com>
- Date: Tue, 1 Mar 2016 16:30:14 -0800
- To: "Berenzon, Alex" <alex.berenzon@intel.com>
- Cc: "anders.rundgren.net@gmail.com" <anders.rundgren.net@gmail.com>, "Virginie.Galindo@gemalto.com" <Virginie.Galindo@gemalto.com>, "public-web-security@w3.org" <public-web-security@w3.org>, "wayne.carr@linux.intel.com" <wayne.carr@linux.intel.com>, "rigo@w3.org" <rigo@w3.org>
- Message-ID: <CABghAMi-P2QEq5Zih4yNjaMaqvSN0Vj5im+8JDCwqGMcO30+-g@mail.gmail.com>
Hello,

Relating to this "TEE for all on Android" / Trusty conversation, please see also the following discussion:
https://www.reddit.com/r/Bitcoin/comments/47g89e/next_evolution_in_bitcoin_security_hardware/

My remarks on this (I am a bit skeptical about it due to the inability to conduct a full audit) are here, at the bottom of this discussion thread (I am pcvcolin on reddit):
https://www.reddit.com/r/Bitcoin/comments/47g89e/next_evolution_in_bitcoin_security_hardware/d0iyd2u?context=3

On Tue, Mar 1, 2016 at 10:10 AM, Berenzon, Alex <alex.berenzon@intel.com> wrote:

> Hi,
>
> Please note that there are other TEEs available today (and assuming more to come) that are targeting general ISVs and not device integrators. Typically, in such TEEs, a trusted application is isolated from the TCB of other trusted applications and their resources.
>
> - Alex.
>
> -----Original Message-----
> From: Anders Rundgren [mailto:anders.rundgren.net@gmail.com]
> Sent: Tuesday, March 01, 2016 19:37
> To: GALINDO Virginie <Virginie.Galindo@gemalto.com>; public-web-security@w3.org
> Cc: Wayne Carr <wayne.carr@linux.intel.com>; Rigo Wenning <rigo@w3.org>
> Subject: Re: [W3C Web Security IG] TEE for all on android
>
> On 2016-03-01 17:41, GALINDO Virginie wrote:
> > Dear all,
> >
> > In case you missed it, Trusty is offering to android developers an API to access some Trusted Execution Environment operations.
> >
> > See https://source.android.com/security/trusty/index.html
>
> Virginie,
>
> Thanx for the update.
>
> Unfortunately this only verifies my strong belief that the HW-Sec WG in progress is on the wrong track targeting TEEs from the Web since trusty applications are (AFAICT...) only deployable by device integrators.
>
> It would be better if the HW-Sec WG listened to the market which nowadays not only means "Anders and Martin", but de-facto also includes Google with their suggested and implemented Android fix:
> https://github.com/w3c/webpayments/issues/42#issuecomment-166705416
>
> Apparently even Mr. Arcieri essentially agrees with this:
> https://www.w3.org/2016/02/23-wpwg-minutes
> tarcieri: My personal opinion is the ability to intent into a native app .... make a payment from the mobile (native) web ... I'd like to see that capability in there one way or another
>
> That is, COMBINING the power of the Web and the App worlds would be a _fantastic project_, at least if innovation by third-parties is in scope.
>
> If W3C cannot do this for religious or political reasons, well, that's a pity because this development seems _inevitable_ as it would be a complete waste of valuable time and resources building parallel universes! It is not proved that it is technically feasible either.
>
> Regards,
> Anders
>
> > Regards,
> >
> > Virginie
Received on Wednesday, 2 March 2016 00:32:09 UTC