The security model seems to be that the hardware device essentially acts as a confirmation button for all operations prepared on the server...?
That seems like a pretty big step down from trusted channel based solutions that can actually achieve "what you see is what you sign". I don't see why the proposed improvements couldn't be just that: Improvements to a secure input/output device, not replacements of one.
1 comment
[ 4.3 ms ] story [ 16.4 ms ] threadThe security model seems to be that the hardware device essentially acts as a confirmation button for all operations prepared on the server...?
That seems like a pretty big step down from trusted channel based solutions that can actually achieve "what you see is what you sign". I don't see why the proposed improvements couldn't be just that: Improvements to a secure input/output device, not replacements of one.