1) Getting a (legitimate) USB vendor ID is already a big barrier to entry for smaller players in the hardware business. The USB Forum is basically a cartel of people who aren't interested in selling you a product ID unless you want to buy 65,536 of them at once for thousands of dollars. Then there's the expensive kernel-mode code signing certificate that you'll have to buy in order to deploy your Windows driver. The world needs fewer crypto-cartels, not more.
2) It's always been accepted as a truism that once an attacker has physical access to your computer, the security game is over. Why is everyone rushing to discard this axiom all of a sudden? Don't people understand that this will lead to a world where your computer relies on third-party gatekeepers to treat you as a security threat?
1) Getting a (legitimate) USB vendor ID is already a big barrier to entry for smaller players in the hardware business. The USB Forum is basically a cartel of people who aren't interested in selling you a product ID unless you want to buy 65,536 of them at once for thousands of dollars. Then there's the expensive kernel-mode code signing certificate that you'll have to buy in order to deploy your Windows driver. The world needs fewer crypto-cartels, not more.
2) It's always been accepted as a truism that once an attacker has physical access to your computer, the security game is over. Why is everyone rushing to discard this axiom all of a sudden? Don't people understand that this will lead to a world where your computer relies on third-party gatekeepers to treat you as a security threat?