On Mon, Jun 16, 2014 at 10:37 PM, Daniel Rice <drice@greenmangosystems.com>
wrote:

> True, that would work, but still how are you going to bootstrap the trust?
> TREZOR is well known, but in a future where there could be 100 different
> companies trying to release a similar product to TREZOR it seems like one
> company could corner the market by being the only one that is an accepted
> instant provider at most vendors
>

It's no different to the CA problem. People can only mentally handle a few
trust anchors, so for SSL it goes:

   1 User -> 2-3 browser makers -> 100's of CAs -> millions of websites

The trust starts out narrowly funnelled and grows outwards as things get
outsourced.

For this it'd go

   1 merchant -> 4-5 payment processing engines -> dozens of hardware
manufacturers -> hundreds of thousands of devices