The argument is, instead, that adding a regulation increases the chance that we will slide down that slippery slope.
This is a vastly better argument, but one that wouldn't allow us to then simply reject any continued discussion, just because we've 'declared' slippery slope and observed that we're epsilon on it. For example, one might ask about the underlying reason for why it increases the chance that we will slide down it? The answer could take many forms, which may be more or less convincing for whether it does, indeed, increase the chance. See here for some examples, and feel free to click through for any specific sub-topics.
Section 5.4.1, "sensitive security parameters in persistent storage shall be stored securely by the device," seems a bit more likely to be a costly provision, and IMO one that misunderstands how hardware security works (there is no such thing as robust security against an attacker with physical access).
IMO, it shows that you misunderstand how these things work. They're not saying "secure against a nation state decapping your chip". They actually refer to ways that persistent storage can be generally regarded as secure, even if you can imagine an extreme case. To be honest, this is a clear sign that you've drunk the tech press kool aid and are pretty out in whacko land from where most serious tech experts are on this issue. Like, they literally tell you what standards are acceptable; it doesn't make any sense to concoct an argument for why it's AKSHUALLY impossible to satisfy the requirement.
And then there's perplexing stuff like 5.6.4 "where a debug interface is physically accessible, it shall be disabled in software.". Does this mean if you sell a color-changing light bulb, and the bulb has a usbc port, you're not allowed to expose logs across the network and instead have to expose them only over the usbc port?
H-what? What are you even talking about? This doesn't even make any sense. The standard problem here is that lots of devices have debug interfaces that are supposed to only be used by the manufacturer (you would know this if you read the definitions section), yet many products are getting shipped in a state where anyone can just plug in and do whatever they want to the device. This is just saying to not be a retard and shut it off if it's not meant to be used by the user.
p
I present to you: nobody.
This is a vastly better argument, but one that wouldn't allow us to then simply reject any continued discussion, just because we've 'declared' slippery slope and observed that we're epsilon on it. For example, one might ask about the underlying reason for why it increases the chance that we will slide down it? The answer could take many forms, which may be more or less convincing for whether it does, indeed, increase the chance. See here for some examples, and feel free to click through for any specific sub-topics.
IMO, it shows that you misunderstand how these things work. They're not saying "secure against a nation state decapping your chip". They actually refer to ways that persistent storage can be generally regarded as secure, even if you can imagine an extreme case. To be honest, this is a clear sign that you've drunk the tech press kool aid and are pretty out in whacko land from where most serious tech experts are on this issue. Like, they literally tell you what standards are acceptable; it doesn't make any sense to concoct an argument for why it's AKSHUALLY impossible to satisfy the requirement.
H-what? What are you even talking about? This doesn't even make any sense. The standard problem here is that lots of devices have debug interfaces that are supposed to only be used by the manufacturer (you would know this if you read the definitions section), yet many products are getting shipped in a state where anyone can just plug in and do whatever they want to the device. This is just saying to not be a retard and shut it off if it's not meant to be used by the user.
More options
Context Copy link