On Sep 21, 2013, at 10:05 PM, d.nix wrote:
> Hah hah hah. Uh, reading between the lines, color me *skeptical* that
> this is really what it claims to be, given the current understanding
> of things...
> 
> http://www.intel.com/content/www/us/en/enterprise-security/what-is-vpro-technology-video.html
The question isn't whether it's what it claims to be.  It is that.  But is it 
*more* than it claims to be?

There are a whole bunch of things in recent Intel chips to provide 
manageability and security.  And there are cases where this is very valuable 
and necessary - e.g., if you have a large cluster of processors, it's good to 
be able to remotely configure them no matter what state they are in.  There are 
many similar examples.  If it's *your* hardware, *your* ability to control it, 
in detail, is a good thing.  (Yes, if you've been lent the hardware by your 
employer, it's the *employer* who's the owner, not you, and it's the *employer* 
who can do what he likes.  This has always been the case to a large degree.  If 
it makes you uncomfortable - buy your own machine, don't use your work machine 
for non-work things.)

The *theory* is that the owner can enable or disable these features, and has 
the keys to access them if enabled.  What we don't know is whether anyone else 
has a back-door key.  The phrase I always use to describe such situations is 
"if there's a mode, there's a failure mode".  Such technology could have been 
present in previous generations of chips, completely invisibly - but it would 
have required significant effort on Intel's part with no real payback.  But 
once Intel is adding this stuff anyway ... well, it's only a small effort to 
provide a special additional back door access.

                                                        -- Jerry

_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
