I'm a non-native speaker Jay, don't imply insinuations, because I'm usually not so subtle with my language. That was just a bad joke. Believe me, I do think your work is phenomenal. Period. I'm sorry I've never been to one of your talks. If you ever do one in Berlin in the future I certainly won't miss it. :) That said, I understand your point but I don't really agree. You're saying Apple is doing all this while basically lying for what? Sheer publicity? Do they really think that this kind of unusual marketing would be good for them? It's the implications (legal, not technical ones) that are at stake here. Three hours of Apple engineers' time spent working for the government, by the way, would already count as an unreasonable burden, in my book. Especially after they already complied with the FBI requests just to find out they messed up the iCloud password... Is iOS much more secure than any other mobile platform? Isn't Apple saying just that? And don't you believe it's true? Apparently yes, you do!
They are working towards what you advocate for here (making the users' data completely inaccessible to them). Just look at the evolution of security from iOS 7 to iOS 9. We're still not there yet. Maybe that's what's brewing for iOS 10, who knows... By the way, since we're here and you're clearly the best person to ask... I'm curious about how Apple stores and keeps their private signing key for iOS secure. How do they do that? Has anybody ever tried to steal that?
That's something nobody's talking about, but I'm really curious about the physical implications of keeping something like that safe.
HSMs generally support signing operations, so it's likely the key doesn't leave the device at all. They might be using a configuration with shared secrets (smart card + PIN, etc.) where at least n shares need to be present to operate the HSM. Those secrets are probably held by a small number of high-level Apple employees.
It's probably similar to the DNSSEC Root Signing Ceremony[1]. Well, hopefully slightly less insane.
[1]: https://www.cloudflare.com/dnssec/root-signing-ceremony/