>>From: Andrew Sackville-West <[EMAIL PROTECTED]> >>Subject: Re: Release: KNOPPIX5.1.1 for Trusted Compuintg Geeks (v1.0) >> >>On Tue, Feb 19, 2008 at 11:37:17AM +0900, Kuniyasu Suzaki wrote: >>> >>> >>From: Andrew Sackville-West <[EMAIL PROTECTED]> >>> >>> >>How does the system behave when the authentication server is down? How >>> do you deal >>> >>with a compromised authentication server? >>> >>> Client takes vulnerability check only. There is no action on the client. >> >>I presume that the client exchanges some information with the >>server. What happens when that server is compromised and sends >>compromised information?
The server check Platform Manifest and RunTime Manifest. Platform Manifest includes the boot record and RunTime Manifest includes the log of executed applications on Linux-IMA. If the manifests don't match, the server returns error. http://sourceforge.jp/projects/openpts/wiki/FrontPage/attach/20080129-KNOPPIX511TCG-OPTS-UsersGuide-v1_0-E.pdf The database on the server is updated by DSA:Debian Security Advisory. http://www.debian.org/security/ -- suzaki >>A >> >>ps. thanks for continuing to answer these question. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]