On 9/1/06, Christian Stüble <[EMAIL PROTECTED]> wrote:
On Friday, 1 September 2006 00:49 you wrote:
> At Thu, 31 Aug 2006 18:37:40 +0200,
>
> Christian Stüble <[EMAIL PROTECTED]> wrote:
> > On Thursday, 31 August 2006 16:31 Marcus Brinkmann wrote:
> > > In the "hosted server as virtual machine" example, I don't think it
> > > makes much sense. If your operations are so critical that you require
> > > a high demand of privacy, you will inevitably consider any
> > > implementation running on a virtual machine on a colocation a grave
> > > risk. Thus, you will better spend the money on a real machine, which
> > > is owned exclusively by you, and you will probably host it in your own
> > > data center. This is more expensive, but we are talking about very
> > > sensitive data, so you will probably do the calculation on a
> > > worst-case-scenario, and decide that it is too risky to colocate it
> > > even on XenTC++ running on Coyotos 2010 complete with mathematical
> > > correctness proof. Try to convince your upper management that this is
> > > a safer choice than running the darn thing yourself!
> >
> > Sorry I am a little confused. Are you talking about the Privacy Agent use
> > case, or another one?
>
> I think I am talking about the privacy agent use case.

But then the problem is different. Let's say your privacy agent calculates a result y := f( p, s ) on your secret input p and the service provider's secret input s. If both parties do not trust each other, they need a TTP to calculate the result. This is expensive and inefficient. Alternatively, they can use a TTP within their system, with all the consequences discussed above. Using a dedicated machine does not solve the problem. It remains the question who should control that machine, and whether it has installed an appropriate OS.

Yes, this is a very clearly stated theoretical problem that can be solved by TPM. The question asked was what practical problems can be solved by TPM cleanly. Or what is a useful practical application of solving such a theoretical problem, and how it improves over non-TPM solutions.

Thanks

Michal
