Hello, Relating to this "TEE for all on Android" / Trusty conversation, please see also the following discussion:
https://www.reddit.com/r/Bitcoin/comments/47g89e/next_evolution_in_bitcoin_security_hardware/ My remarks on this (I am a bit skeptical about it due to the inability to conduct a full audit) are here, at the bottom of this discussion thread (I am pcvcolin on reddit): https://www.reddit.com/r/Bitcoin/comments/47g89e/next_evolution_in_bitcoin_security_hardware/d0iyd2u?context=3 On Tue, Mar 1, 2016 at 10:10 AM, Berenzon, Alex <alex.beren...@intel.com> wrote: > Hi, > > Please note that there are other TEEs available today (and assuming more > to come) that are targeting general ISVs and not device integrators. > Typically, in such TEEs, a trusted application is isolated from the TCB of > other trusted applications and their resources. > > - Alex. > > -----Original Message----- > From: Anders Rundgren [mailto:anders.rundgren....@gmail.com] > Sent: Tuesday, March 01, 2016 19:37 > To: GALINDO Virginie <virginie.gali...@gemalto.com>; > public-web-secur...@w3..org > Cc: Wayne Carr <wayne.c...@linux.intel.com>; Rigo Wenning <r...@w3.org> > Subject: Re: [W3C Web Security IG] TEE for all on android > > On 2016-03-01 17:41, GALINDO Virginie wrote: > > Dear all, > > > > In case you missed it, Trusty is offering to android developers an API > to access some Trusted Execution Environment operations. > > > > See https://source.android.com/security/trusty/index.html > > Virginie, > > Thanx for the update. > > Unfortunately this only verifies my strong belief that the HW-Sec WG in > progress is on the wrong track targeting TEEs from the Web since trusty > applications are > (AFAICT...) only deployable by device integrators. > > It would be better if the HW-Sec WG listened to the market which nowadays > not only mean "Anders and Martin", but de-facto also includes Google with > their suggested and implemented Android fix: > https://github.com/w3c/webpayments/issues/42#issuecomment-166705416 > > Apparently even Mr. Arcieri essentially agrees with this: > https://www.w3.org/2016/02/23-wpwg-minutes > tarcieri: My personal opinion is the ability to intent into a native app > .... make a payment from the mobile (native) web ... I'd like to see that > capability in there one way or another > > That is, COMBINING the power of the Web and the App worlds would be a > _fantastic project_, at least if innovation by third-parties is in scope. > > If W3C cannot do this for religious or political reasons, well, that's a > pity because this development seems _inevitable_ as it would be a complete > waste of valuable time and resources building parallel universes! It is not > proved that it is technically feasible either. > > Regards, > Anders > > > > > Regards, > > > > Virginie > > > > ---------------------------------------------------------------------- > > ---------------------------------------------------------------------- > > ---------------------------------------------------------------------- > > ---------------------------------------------------------------------- > > ---------------------------------------------------------------------- > > ---------------------------------------------------------------------- > > ---------------------------------------------------------------------- > > ---------------------------------------------------------------------- > > ---------------------------------------------------------------------- > > ---------------------------------------------------------------------- > > ---------------------------------------------------------------------- > > ---------------------------------------------------------------------- > > ---------------------------------------------------------------------- > > ---------------------------------------------------------------------- > > ---------- This message and any attachments are intended solely for > > the addressees and may contain confidential information. Any > unauthorized use or disclosure, either whole or partial, is prohibited. > > E-mails are susceptible to alteration. Our company shall not be liable > for the message if altered, changed or falsified. If you are not the > intended recipient of this message, please delete it and notify the sender. > > Although all reasonable efforts have been made to keep this transmission > free from viruses, the sender will not be liable for damages caused by a > transmitted virus. > > > --------------------------------------------------------------------- > Intel Israel (74) Limited > > This e-mail and any attachments may contain confidential material for > the sole use of the intended recipient(s). Any review or distribution > by others is strictly prohibited. If you are not the intended > recipient, please contact the sender and delete all copies. > > > >
