[from somelist]
> Subject: Re: [s-t] The return of Das Blinkenlight
> Date: Mon, 31 Jan 2005 19:00:49 -0500
>
> >In the early 90's I was a product manager for a (now-defunct) company
> >that made LAN hubs-- this was when a 10Base-T port would cost you a couple
>
>
> This reminded me of a story
On 2005-02-04T14:30:48-0500, Mark Allen Earnest wrote:
> The government was not able to get the Clipper chip passed and that was
> backed with the horror stories of rampant pedophilia, terrorism, and
> organized crime. Do you honestly believe they will be able to destroy
> open source, linux, in
On Thu, 3 Feb 2005, Erwann ABALEA wrote:
> And do you seriously think that "you can't do that, it's technically not
> possible" is a good answer? That's what you're saying. For me, a better
> answer is "you don't have the right to deny my ownership".
Yes, Senator McCarthy, I do in fact feel safer
Ed Reed wrote:
I'm just curious on this point. I haven't seen much
to indicate that Microsoft and others are ready
for a nymous, tradeable software assets world.
No, and neither are corporate customers, to a large extent.
Right, so my point (I think) was that without some
indication that t
Trei, Peter wrote:
It could easily be leveraged to make motherboards
which will only run 'authorized' OSs, and OSs
which will run only 'authorized' software.
And you, the owner of the computer, will NOT
neccesarily be the authority which gets to decide
what OS and software the machine can run.
If y
At 5:45 PM + 2/4/05, Dave Green wrote:
> mmm, petits filous
>
> Everyone else likes to worry about Google's gathering
> conflict of interests, but Verisign's S.P.E.C.T.R.E.-level
> skills still take some beating. This week, orbiting crypto
>
In message <[EMAIL PROTECTED]>, Dan Kaminsky writes:
>
>>>Uh, you *really* have no idea how much the black hat community is
>>>looking forward to TCPA. For example, Office is going to have core
>>>components running inside a protected environment totally immune to
>>>antivirus.
>>>
>>>
>>
>>Ho
The best that can happen with TCPA is pretty good -
it could stop a lot of viruses and malware, for one
thing.
No, it can't. That's the point; it's not like the code running inside
the sandbox becomes magically exploitproof...it just becomes totally
opaque to any external auditor. A black h
Peter Gutmann wrote:
Neither. Currently they've typically been smart-card cores glued to the
MB and accessed via I2C/SMB.
and chips that typically have had eal4+ or eal5+ evaluations. hot topic
in 2000, 2001 ... at the intel developer's forums and rsa conferences
Erwann ABALEA wrote:
> I've read your objections. Maybe I wasn't clear. What's wrong in
installing a cryptographic device by default on PC motherboards?
I work for a PKI 'vendor', and for me, software private keys is a
nonsense. How will you convice "Mr Smith" (or Mme Michu) to buy an
expensive CC
Uh, you *really* have no idea how much the black hat community is
looking forward to TCPA. For example, Office is going to have core
components running inside a protected environment totally immune to
antivirus.
How? TCPA is only a cryptographic device, and some BIOS code, nothing
else. Does
On Thu, Feb 03, 2005 at 11:45:01PM -0600, Shawn K. Quinn wrote:
> Isn't it possible to emulate the TCPA chip in software, using one's own
> RSA key, and thus signing whatever you damn well please with it instead
> of whatever the chip wants to sign? So in reality, as far as remote
> attestation goe
I spent considerable time a couple years ago on these lists arguing
that people should have the right to use this technology if they want.
I also believe that it has potential good uses. But let's be accurate.
> Please stop relaying FUD. You have full control over your PC, even if this
> one is e
On Thu, Feb 03, 2005 at 11:51:57AM -0500, Trei, Peter wrote:
> It could easily be leveraged to make motherboards
> which will only run 'authorized' OSs, and OSs
> which will run only 'authorized' software.
[..]
> If you 'take ownership' as you put it, the internal
> keys and certs change, and a
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> On Behalf Of Anonymous
> The only people endangered by this capability are those who want to be
> able to lie. They want to agree to contracts and user agreements that,
> for example, require them to observe DRM restrictions and copyright
> la
Erwann ABALEA <[EMAIL PROTECTED]> writes:
>I've read your objections. Maybe I wasn't clear. What's wrong in installing a
>cryptographic device by default on PC motherboards? I work for a PKI 'vendor',
>and for me, software private keys is a nonsense.
A simple crypto device controlled by the same
- Original Message -
From: "Shawn K. Quinn" <[EMAIL PROTECTED]>
Subject: Re: Dell to Add Security Chip to PCs
Isn't it possible to emulate the TCPA chip in software, using one's own
RSA key, and thus signing whatever you damn well please with it instead
of whatever the chip wants to sign
I don't know how clear I can say this, your threat model is broken, and the
bad guys can't stop laughing about it.
Come on, now...who's going to be better at Security than Microsoft? Since
bad guys won't be allowed inside the TCPA world then everything's going to
be just fine.
Seems like the "e
On Thu, 2005-02-03 at 22:25 +0100, Anonymous wrote:
> The manufacturer issues a certificate on the public part of the EK,
> called the PUBEK. This key is then used (in a somewhat roundabout
> manner) to issue signed statements which attest to the software state
> of the machine. These attestation
19 matches
Mail list logo