The problem with SIMs is that they aren't just credentials and config. They are full applications. Imagine if you needed to run a custom program to connect to every wifi network. It is bonkers. It is absurdly complex and insecure.

A "SIM" should just be a keypair. The subscriber use it to access the network.

▲

digitalPhonix 4 hours ago | parent | next [-]

It’s more complicated because it has to include logic about which network to connect to and how to tunnel back to the original provider (or partner) while roaming.

So it’s more like: which network to connect to, keys, fallback network selection logic and tunnel logic to get authorisation on a non-home network

▲

kevincox 4 hours ago | parent [-]

That's a good point. That is what I meant by "and config" in my first sentence.

IIUC if the keypair was a certificate with a few other fields foreign networks could give you some basic communication with your provider and decided if you should be allowed to use this network and if/how to tunnel you back to the home network.

But the main point is that it should just be data that the user can port around to different devices as they see fit and that they can trust not to do malicious things.

	▲	digitalPhonix 4 hours ago \| parent [-]
		It’s not just config though (unless you consider logic to be config). When you’re roaming, the sim applet has to generate a path back to its home network based on request/responses with the networks it can see and their partners (and their partners’ partners etc.) It’s effectively multi-hop peer discovery and I don’t think you can encode the general case logic for it as just config. Edit: as a (rather niche) example, FirstNet sims run a different applet to AT&T sims despite nominal running on the same network because they have special logic to use more networks if they are in an emergency area.

▲

pjmlp 2 hours ago | parent | prev [-]

eSIM are the same, they offer all capabilities, while taking customer freedom away.

The apps are still on the VM.