Hi. First, I think the promiscuous "network" permission should be replaced with more fine-grained ones like "secure web connection to example.com" (or secure chat/im/mail).
I'd also like to see a mechanism for temporary face-to-face trust (e.g. via qr-code) of self-signed certificates for situations where: - all servers and clients are in a relatively small physical area (e.g. mesh network) - it's possible to walk to the server (can either be a phone or a desktop) and ask the operator to present the QR code of the self-signed certificate - we can't rely on net or cell connection to the outside (e.g. natural or political disaster) Cheers, The Dod On 12 July 2013 16:24, Eduardo Robles Elvira <[email protected]> wrote: > Hello: > > I'd like to see a mesh mode in the mobile phones. There are currently > lots of mesh software initiatives, but I haven't seen any smartphone > manufacturers support this. In the past, they were dependant of > telecommunication companies to sell their phones, but now some > companies are now starting to sell phones by themselves (Google for > example). A mesh network mode would allow users to communicate even if > there's no other conection, it can be useful to conect with peers in a > demonstration or to transmit stream video to them in case police > breaks your phone. > > On Fri, Jul 12, 2013 at 1:11 AM, Blibbet <[email protected]> wrote: > >> (1) A unique key built into each device, which can't be read directly > >> by software, but which can be used to derive other keys (e.g. for disk > >> encryption) at a limited rate, slowing down brute-force attacks > >> against such keys. > >> > >> (2) An effaceable area of flash storage where the operating system can > >> store encryption keys for the entire disk and/or individual files, > >> making it possible to securely delete the corresponding data without > >> having to smash the device into tiny little pieces. > >> > >> (3) A pony. > > > > > > Presuming the smartphone is ARM-based, and presuming if (1) is applied, > > it'll probably have ARM TrustZone installed, then: > > > > (4) Install a modern firmware on your smartphone, with useful security > > features. > > > > (4a) Linux-based Coreboot. or > > > > (4b) UEFI. > > > > Use UEFI's SecureBoot feature, to enhance your Linux/Android/B2G/etc OS, > > something none of your competitors are doing, except MS/Win8. To do so, > you > > need TPM on x86 or TrustZone on ARM, and you need to get your OS vendor > to > > sign the firmware, and not let MS Win8 hardware logo requirements confuse > > you. > > > > Beyond the default TianoCore source, leverage Linaro's ARM-centric fork > of > > TianoCore, and Intel's MinnowBoard's UEFI which targets Linux > > (Angstrom/Yocto), but neither of these Linux-centric UEFI targets support > > the SecureBoot feature. > > > > Extend the current UEFI SecureBoot feature, which only targets 1 OS, to > one > > that lets you securely boot more-than-1 OS, for systems that want to > > securely multiboot a handful of OSes (not necessarily installed, but > later, > > if your device is open, your user may opt to install another distro; your > > job is to gather certs of the major ones, so they can securely boot the > main > > distros.) > > > > (5) Learn from FairPhone's model. Compete with them, by making something > > *more* open. > > > > Thanks. > > > > > > -- > > Too many emails? Unsubscribe, change to digest, or change password by > > emailing moderator at [email protected] or changing your settings at > > https://mailman.stanford.edu/mailman/listinfo/liberationtech > > > > -- > Eduardo Robles Elvira +34 668 824 393 skype: edulix2 > http://www.wadobo.com it's not magic, it's wadobo! > -- > Too many emails? Unsubscribe, change to digest, or change password by > emailing moderator at [email protected] or changing your settings at > https://mailman.stanford.edu/mailman/listinfo/liberationtech >
-- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at [email protected] or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
