I had hopes this product would be way less draconian. People miss the real reason you should push back on eSIM-only devices! It seems that most of HN hasn't done their DD on how eSIM provisioning dosen't work unless you're a billion dollar telco incumbant..... The eSIM-only precedent telco tech giants are pushing towards is part of the time honored tradition of locking consumers out of their own hardware. Indeed, this is another version of "the carrier owns the hardware you've purchased".
TL;DR in order to provision an eSIM to live inside the eUICC (secure element inside phone); as per GSMA standards your eSIM HAS to have a key signed by a SOLE CA determined by the GSMA and the incumbent billion dollar telco industry cartel!!! With a SIM-card you have the freedom to connect to any network you want including those that aren't inside the realm of:
"Only eUICC manufacturers, and SM-SR and SM-DP hosting organisations that have successfully
been accredited by the GSMA SAS can apply for the necessary certificates from the GSMA
Certificate Issuer to participate in the GSMA approved ecosystem."
Please push back on this draconian nonsense as a whole people!!!
Should we reject TLS certificates for the same reason then? If they aren't trusted by the "TLS cartel" then your users are told that the site is "not secure" and shouldn't be trusted. Many browsers will even completely block you from accessing pages without valid trust roots.
I can add a CA to every modern OS with a few clicks and a password can't I? Furthermore, in a browser it's usually 2 clicks away from getting to a site with an expired TLS cert...Why can't I do similar with a eUICC in a device I paid for and own? Hint: control.
Furthermore "reject TLS certificates" implies rejecting a useful security mechanism as a whole...eSIM provides no further security mechanism to a [p]SIM as far as LTE/5G security goes... ie. MILENAGE etc. The only added security of an eSIM is that it adds security to big telcos subscriber revenue and makes them sticky as providers. It's a big telco cartel and if you ain't in it you're dependent on them at the very least.
TL;DR in order to provision an eSIM to live inside the eUICC (secure element inside phone); as per GSMA standards your eSIM HAS to have a key signed by a SOLE CA determined by the GSMA and the incumbent billion dollar telco industry cartel!!! With a SIM-card you have the freedom to connect to any network you want including those that aren't inside the realm of:
"Only eUICC manufacturers, and SM-SR and SM-DP hosting organisations that have successfully been accredited by the GSMA SAS can apply for the necessary certificates from the GSMA Certificate Issuer to participate in the GSMA approved ecosystem."
Please push back on this draconian nonsense as a whole people!!!
eSIM Whitepaper: https://www.gsma.com/esim/wp-content/uploads/2018/06/eSIM-Wh...