On Fri, Jan 23, 2004 at 09:48:25AM -0700, Soren Harward wrote:
> This question is inspired by the thread on encrypted filesystems, but
> merits its own thread.  Everyone knows about keeping unauthorized users
> out of data they shouldn't have access to.  But what about granting
> authorized users access to data they should be able to access, but not
> permitting them to redistribute it?

I call this "Bargain Communications".  If someone owns a machine,
you will not be able to force him to do anything he does not want to
do on that machine.  If you encrypt a file in such a manner that he
cannot read the file unless he gives you control over what he can do
with the electronic form of that data, then he is left with a choice:
either ignore/delete the file, or accept your terms under which the
file can be read (or circumvent the security system in place that
provides the enforcement of your policy, but let's approach this on a
theoretical level).

This involves bargaining.  You offer the recipient of the information
the privilege of reading what you have to say, under the conditions
that he must use certain software to read your data and cannot do
certain things with the electronic version of that data, and the
conditions are enforced by the recipient's own machine.  Under some
circumstances, recipients may be willing to make that bargain with the
sender.  Some will never agree to those terms, under any circumstances
(I am one of them; the first time I get a message that requires me to
surrender control of my own machine in order to read it, that message
is going straight to /dev/null).

Just to let you know, I will personally be getting a machine with a
TPM chip as soon as it hits the mass market, and I will probably put
TCPA support in my encrypted filesystem.  I really like the idea of
hardware-based key management, among other enhancements to security
that hardware support can provide.

Mike
.___________________________________________________________________.
                         Michael A. Halcrow                          
       Security Software Engineer, IBM Linux Technology Center       
GnuPG Fingerprint: 05B5 08A8 713A 64C1 D35D  2371 2D3C FDDA 3EB6 601D

The hokey pokey... What if that's really what it's all about? 

____________________
BYU Unix Users Group 
http://uug.byu.edu/ 
___________________________________________________________________
List Info: http://uug.byu.edu/cgi-bin/mailman/listinfo/uug-list