11 Aug 2019 |
abl | oh wait, it's 25519 keys. | 23:52:40 |
Matthew | s/SEP/SE/ then i guess | 23:52:42 |
Matthew | or X9.63 just supports a suite of different curves | 23:52:44 |
someone_ |
s/SEP/SE/ then i guess
SEP and SE have nothing to do with each other, and SE is really just for payments
| 23:53:09 |
someone_ | and nothing else | 23:53:14 |
Matthew | ah, ok. | 23:53:36 |
abl | https://www.apple.com/business/docs/site/iOS_Security_Guide.pdf mentions 25519 keys being used in a bunch of scenarios where the SEP has to be involved | 23:53:39 |
Matthew | well, wherever the trustzone thing is | 23:53:42 |
Matthew | abl: right | 23:53:46 |
someone_ |
well, wherever the trustzone thing is
Apple A7 to A10 used a Cortex-A7 as the SEP
| 23:54:01 |
someone_ | A11 moves it to an Apple core | 23:54:11 |
abl | (btw, things like http://krypt.co make me happy as far as cool uses of the SEP APIs, although I admit I haven't seen an end-to-end review of it) | 23:54:47 |
Matthew | looks like cryptokit primitives could be pretty easily glued into Olm, the e2e lib for matrix | 23:55:02 |
Matthew | complete with storing identity keys (but not conversation keys) in the SE | 23:55:13 |
Matthew | so... that's cool :) | 23:55:22 |
| * Matthew files a bug | 23:55:24 |
someone_ |
complete with storing identity keys (but not conversation keys) in the SE
| 23:55:31 |
someone_ | not SE | 23:55:33 |
someone_ | lol | 23:55:35 |
someone_ | SEP = Secure Enclave Processor | 23:55:48 |
someone_ | SE = Secure Element | 23:55:52 |
abl | to be fair Apple does say "Secure Enclave" a bit | 23:56:14 |
abl | but yeah SEP :) | 23:56:22 |
someone_ | yeah and that just makes it harder when they have multiple things having the same abbreviations | 23:56:42 |
abl | a more paranoid person might say they're deliberately obfuscating | 23:57:26 |
someone_ |
a more paranoid person might say they're deliberately obfuscating
they're definitely not confusing anyone in the field
| 23:57:46 |
12 Aug 2019 |
someone_ | what I won't really forgive Apple for doing is encrypting the SEP firmware | 00:00:54 |
someone_ | and LLB + iBoot | 00:01:05 |
abl | quite weak, yes | 00:02:19 |
someone_ |
quite weak, yes
especially as they're all decrypted nowadays
| 00:02:34 |