Makes sense, otherwise it would be an US-exclusive, and from a manufacturer point of view making a SKU specific for the united states where the sim card slot is replaced by a plastic piece only increases prices.
I remind everyone that Apple didn’t do that for “user convenience”, but just to keep customers locked in their ecosystem, as switching esims is not easy for normal people, the ones that they are unable to read the content of error messages and dialog boxes (although for us pro users is easier than physical)
But I’m quite sure that it’s not up-to-date because in my country i think most providers support e-SIM, but apple only lists 1.
So that wouldn’t really make it an US-exclusive.
i don’t agree that it keeps users locked in.
convenience wise it should be alot easier with e-SIM, technically you should just be able to open up an app and install a new e-SIM and voila your on a new provider.
i don’t agree that it keeps users locked in. convenience wise it should be alot easier with e-SIM, technically you should just be able to open up an app and install a new e-SIM and voila your on a new provider.
As long as the phone maker and the phone service company play nice. The whole point of physical sims is. “you break your phone screen and phone? You can literally in the minute borrow your buddy’s phone, slap your sim in it”.
Why would it matter? For example here in Finland we have this thing called The Mobile ID. Which is commercial high security identification method, that works on the SIM. It’s user interface is the phone, but the actually crypto and logging works on the SIM. Just as with PIN number, the phone is just keypad to tell the SIM the security code to unlock it and operate. Not only does it work on SIM, due to security it is tied to the SIM. Each ID is a cryptographic key living physically in the SIM. never to leave it. public-private key exchange between the authentication server and SIM. on first boot/activation, SIM generates in-situ the private key, sends the public key to phone company, normal registrations hand shakes. Only thing anyone else has is the publickey. they private key lives it’s live in the SIM and just on getting signatory request and then correct unlock PIN signs the request and sends it back.
Which again means in the “oh my phone broke” situation means I haven’t lost my mobile ID. Just yank the SIM out of the husk of the broken flagship expensive smart phone and slap it into the cheapest 30 euro “I make calls and send text” budget phone. Still works just as well. Any phone you find (that isn’t SIM locked) will work, since as said the ID is the SIM, the phone is just keypad interface.
Also physical external sim allows physical update of the crypto processor. with eSim, if there is hardware fault or vulnerability found with the eSim, you are toast. With physical sim? So sorry customer, there has been vulnerability wound with the Sim crypto. Do you come to visit nearest operator store to get your new sim for your phone or do you want it sent by mail. Specially on say long lasting equipment… It is a very good thing there is a physically exchangeable cryptographic component. Rest of the equipment isn’t toast, just because someone cracked the SIM crypto.
As long as the phone maker and the phone service company play nice
I mean both of those things are usually something you can choose yourself?
I’m aware choices are limited with coverage and availability etc, which is also why i prefixed my statement with should.
For example here in Finland we have this thing called The Mobile ID. Which is commercial high security identification method, that works on the SIM.
That seems like a weird implementation, why would you bundle that with your SIM card?
Seems like a huge headache with stolen/lost phones, wonder how they handle revokation…
Probably only work for online services that can validate that it hasnt been marked stolen?
And wouldn’t it make alot harder to swap providers if your entire identity is tied to the card?
we have a similar thing but it’s a separate physical card you can use for identification, and with that card you can also issue mobile identification.
This entire discussion seems super offtopic though, but you seem really passionate about the Finnish Mobile ID solution.
Also physical external sim allows physical update of the crypto processor.
Are you really arguing that physical security vulnerabilities are easier to solve than a security software update?
It’s not out of the realm of possibilities that Phone vulnerabilities would affect the SIM card as well?
Presumably the phone does need to read the private key to authenticate?
With a software solution you could store the keys on Titan X chip/Apple T2/Samsung Knox(?)
which the OS knows to protect and keep separate…
But again, nothing about the mobile ID SIM solution contradicts anything i said?
eSIM allows for more flexibility overall, the market and availability might not be there everywhere but that is not an issue with the technology but rather it’s adoption (or lack thereof), atleast for all the countries not named Finland.
Seems like a huge headache with stolen/lost phones, wonder how they handle revokation…
Right maybe should have clarified that. The authentication is facilitated by the trusted middle party aka phone company.
When you log in using this service, you tell using service your phone number. Well their contacted authentication handler (usually one of the phone operators), they forward the request to your operator, who knows to forward it to the phone (as I understand as a network service SMS, like how operators settings updates also get send to the SIM and phone), this service message is handed by the phone cellular interface to the SIM. SIM applet notices “oh this is authentication request”. It displays the session ID of authentication (generated at the original authentication session and displayed there also) and then asks to enter security code to approve (or decline the request)
As such revocation is two fold. First your operator will list the certificate/key invalid. Secondly, since operator is handling the message passing anyway, they know to refuse to send the authentication requests in the first place to the compromised SIM. since as the SIM, that also defines where to send the requests. It is both the independent crypto validation, but also the cell network subscriber identity. Compromised sim stops getting any requests, since it is shutout from cellular connection. Can’t make calls, can’t send and receive texts, since the sim isn’t anymore tied to valid subscriber contact.
Plus with crypto system there is always the option of official public revocation server. Which kind of system is what the national ID smart card system uses. Anyone accepting identifying by those signatures gets told “the official key/certificate/revocation server is this one. Regularly check it for listed revocations by the root trust authority”
Makes sense, otherwise it would be an US-exclusive, and from a manufacturer point of view making a SKU specific for the united states where the sim card slot is replaced by a plastic piece only increases prices.
I remind everyone that Apple didn’t do that for “user convenience”, but just to keep customers locked in their ecosystem, as switching esims is not easy for normal people, the ones that they are unable to read the content of error messages and dialog boxes (although for us pro users is easier than physical)
Alot of countries support e-SIM, this is the most comprehensive list i could find Find wireless carriers and worldwide service providers that offer eSIM service (apple.com)
But I’m quite sure that it’s not up-to-date because in my country i think most providers support e-SIM, but apple only lists 1.
So that wouldn’t really make it an US-exclusive.
i don’t agree that it keeps users locked in. convenience wise it should be alot easier with e-SIM, technically you should just be able to open up an app and install a new e-SIM and voila your on a new provider.
As long as the phone maker and the phone service company play nice. The whole point of physical sims is. “you break your phone screen and phone? You can literally in the minute borrow your buddy’s phone, slap your sim in it”.
Why would it matter? For example here in Finland we have this thing called The Mobile ID. Which is commercial high security identification method, that works on the SIM. It’s user interface is the phone, but the actually crypto and logging works on the SIM. Just as with PIN number, the phone is just keypad to tell the SIM the security code to unlock it and operate. Not only does it work on SIM, due to security it is tied to the SIM. Each ID is a cryptographic key living physically in the SIM. never to leave it. public-private key exchange between the authentication server and SIM. on first boot/activation, SIM generates in-situ the private key, sends the public key to phone company, normal registrations hand shakes. Only thing anyone else has is the publickey. they private key lives it’s live in the SIM and just on getting signatory request and then correct unlock PIN signs the request and sends it back.
Which again means in the “oh my phone broke” situation means I haven’t lost my mobile ID. Just yank the SIM out of the husk of the broken flagship expensive smart phone and slap it into the cheapest 30 euro “I make calls and send text” budget phone. Still works just as well. Any phone you find (that isn’t SIM locked) will work, since as said the ID is the SIM, the phone is just keypad interface.
Also physical external sim allows physical update of the crypto processor. with eSim, if there is hardware fault or vulnerability found with the eSim, you are toast. With physical sim? So sorry customer, there has been vulnerability wound with the Sim crypto. Do you come to visit nearest operator store to get your new sim for your phone or do you want it sent by mail. Specially on say long lasting equipment… It is a very good thing there is a physically exchangeable cryptographic component. Rest of the equipment isn’t toast, just because someone cracked the SIM crypto.
I mean both of those things are usually something you can choose yourself?
I’m aware choices are limited with coverage and availability etc, which is also why i prefixed my statement with should.
That seems like a weird implementation, why would you bundle that with your SIM card?
Seems like a huge headache with stolen/lost phones, wonder how they handle revokation…
Probably only work for online services that can validate that it hasnt been marked stolen?
And wouldn’t it make alot harder to swap providers if your entire identity is tied to the card?
we have a similar thing but it’s a separate physical card you can use for identification, and with that card you can also issue mobile identification.
This entire discussion seems super offtopic though, but you seem really passionate about the Finnish Mobile ID solution.
Are you really arguing that physical security vulnerabilities are easier to solve than a security software update?
It’s not out of the realm of possibilities that Phone vulnerabilities would affect the SIM card as well?
Presumably the phone does need to read the private key to authenticate?
With a software solution you could store the keys on Titan X chip/Apple T2/Samsung Knox(?)
which the OS knows to protect and keep separate…
But again, nothing about the mobile ID SIM solution contradicts anything i said?
eSIM allows for more flexibility overall, the market and availability might not be there everywhere but that is not an issue with the technology but rather it’s adoption (or lack thereof), atleast for all the countries not named Finland.
Right maybe should have clarified that. The authentication is facilitated by the trusted middle party aka phone company.
When you log in using this service, you tell using service your phone number. Well their contacted authentication handler (usually one of the phone operators), they forward the request to your operator, who knows to forward it to the phone (as I understand as a network service SMS, like how operators settings updates also get send to the SIM and phone), this service message is handed by the phone cellular interface to the SIM. SIM applet notices “oh this is authentication request”. It displays the session ID of authentication (generated at the original authentication session and displayed there also) and then asks to enter security code to approve (or decline the request)
As such revocation is two fold. First your operator will list the certificate/key invalid. Secondly, since operator is handling the message passing anyway, they know to refuse to send the authentication requests in the first place to the compromised SIM. since as the SIM, that also defines where to send the requests. It is both the independent crypto validation, but also the cell network subscriber identity. Compromised sim stops getting any requests, since it is shutout from cellular connection. Can’t make calls, can’t send and receive texts, since the sim isn’t anymore tied to valid subscriber contact.
Plus with crypto system there is always the option of official public revocation server. Which kind of system is what the national ID smart card system uses. Anyone accepting identifying by those signatures gets told “the official key/certificate/revocation server is this one. Regularly check it for listed revocations by the root trust authority”
Are these the only carriers in each country that support it?
It might be easier to switch via. an app, but if there’s only one carrier option available then I would not buy a phone like that.