[147807] in cryptography@c2.net mail archive
Re: [Cryptography] "Death Note" elimination for hashes
daemon@ATHENA.MIT.EDU (Kent Borg)
Tue Oct 22 11:25:30 2013
X-Original-To: cryptography@metzdowd.com
Date: Tue, 22 Oct 2013 08:39:53 -0400
From: Kent Borg <kentborg@borg.org>
To: cryptography@metzdowd.com
In-Reply-To: <5265DDF6.4080908@echeque.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On 10/21/2013 10:07 PM, James A. Donald wrote:
> If there had been a credible threat to brick them all, they would
> have been made so that they could easily and routinely be updated.
Maybe. But manufacturers like selling a whole new phone maybe more than
they like putting effort and support costs into giving away a free
upgrade. (Doing an upgrade is harder than a fresh installation, so many
possible starting points, so slow to test each, so little reward for the
job well done.)
And consumers don't necessarily think it is a benefit to have a phone
that seems to be working changed at the risk of it not working. Plus,
many of them expect to buy a new phone shortly anyway.
In the case of Android, it is Google that has a clear interest in the
health of the whole ecosystem, including secure phones. And they have
been recently struggling with improving the upgrade paths. Moving their
secret sauce from AOSP into Google Play Services gives them more control
along these lines, as it makes it more closed source.
-kb
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography