semisol @semisol - 3d
Devs of Nostr: What would you do with a secure element that is easy to write software for, required no NDAs and had an open source development toolchain? (Please renote for visibility) #asknostr
vinney...axkl @vinney - 3d
I'd do this: nostr:nevent1qvzqqqqqqypzqth65u2mhdrd6klxkldg6acqyek3ze6tjyacz79dmdwzuc7esue3qyd8wumn8ghj7ur4wfshv6tyvyhxummnw3ezumrpdejz7qgkwaehxw309amk7apwdehhxarj9ecxzun50yhsqgrpftekw07f66enrk7yh5yk2cw9mfz83qgz5gn0fgdejh2sa3aedq9xz6dq
You could make a lightweight LN implementation that adds a slight bit of trust (for in-flight payments and provable disputes) but is still mostly self-custodial to run on them.
Could work
Kind of. Except you could write your own software as well. And integrate it into other systems, not just USB.
But is the firmware on the SE? Probably not.
Their SE I think is a ZeitControl smartcard which is from a previous SE generation, and is locked after production
Which device then? But yes, you can do that.
I just reread your post. Yes, you can do that
5143c - 2d
> One (key) ring to rule them all. You still need the index number if it's BIP39 derived addresses. You need to have backups for the master seed and all its derived indexes, with proper references to the derived keys' functions.
semisol @semisol - 1d
Currently all the SEs on the market could easily even do BIP-340/Taproot. It’s just not available to the end user. Many things like that. You can have accelerated ChaCha20, support for Ed25519 properly, and so on… While fully open source & high-security SEs seem to be near-impossible in the short term, it would be possible to have SEs with open and NDA-free toolchains.
I have talked to Tropic Square and I had a really poor impression. They are pretty inexperienced in the SE world from my talks with them, and custom firmware was barely a priority for them (which I asked about). My current work on open SE platforms is with one of the big 3 SE companies, which has been pretty supportive. (I’ll let you guess which, there’s only one company that would barely consider it.)
Yeah, implementing a new platform is a lot of work. Nice to see non-Pixel devices are coming, at least. What specific security features are being looked for in a secure element?
I looked at the Tropic Square datasheet and it would not be able to offer the StrongBox keystore protection level, throttling, or support for insider attack protection. So basically not usable for this purpose. It would be possible to do it with what I’m working on, along with some custom eSE applet-like functionality (sandboxed).
Was just writing my reply when you sent yours. With this, there would have to be a closed and immutable boot code of the secure element, otherwise the rest could be mostly open, allowing stronger firmware verification. Insider attack protection would be implemented as a system-controlled flag that decides whether data transfer is allowed across applet upgrades. This could require the owner to authenticate, so it would fulfill that requirement. Requiring the KeyStore applet be signed by a trusted party + issuing an attestation certificate to it would also tick that box.
The chip also is too expensive for what it does. They had some preliminary pricing but that is it. I feel like it is a huge wasted opportunity, but oh well.