<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Sat, Mar 7, 2015 at 7:04 AM, Russ Nelson <span dir="ltr"><<a href="mailto:nelson@crynwr.com" target="_blank">nelson@crynwr.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">Emin Gün Sirer writes:<br>
> >More generally, I think the way to approach “nothing up my sleeves”<br>
> hardware is to move down in complexity, not up. </span></blockquote><div>....... </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">
<br>
</span>No. He is describing a platform that *he* trusts, not a platform that<br>
has been subverted by the NSA and then called "TPM".<br>
<br>
Calling something "trusted" doesn't make it trusted, friend. Calling<br>
someone "friend" doesn't make them your friend.<br><br></blockquote><div><br></div><div>Valid point with one *</div><div>*) For forensics, judge and jury must be convinced</div><div>that the operator and his tools are expert and trusted.</div><div><br></div></div>The courthouse does not have levels of proof and trust that</div><div class="gmail_extra">have anything to do with security the way most of us think</div><div class="gmail_extra">is important and necessary.</div><div class="gmail_extra"><br></div><div class="gmail_extra">So a tool set that allows a chain of custody and validation</div><div class="gmail_extra">of results by other experts is an important foundation. National</div><div class="gmail_extra">security has a more interesting case of paranoia.</div><div class="gmail_extra"><br></div><div class="gmail_extra">I would be hard put to trust a device that mounts and </div><div class="gmail_extra">inspects a disk from evidence. The complexity and</div><div class="gmail_extra">interactivity of reconstructing files and filesystems requires </div><div class="gmail_extra">vastly more than a device that makes a bit for bit image and</div><div class="gmail_extra">that image copy is then analyzed in great depth on another</div><div class="gmail_extra">system. </div><div class="gmail_extra"><br></div><div class="gmail_extra">So yes a platform that he trusts is step one. A real person is the </div><div class="gmail_extra">one taking the stand and giving evidence.</div><div class="gmail_extra"><br></div><div class="gmail_extra">In an ideal world that trust will be justified and proved.</div><div class="gmail_extra">But a formal trust analysis is hard. The smaller</div><div class="gmail_extra">the kernel of trust the more likely the analysis will</div><div class="gmail_extra">finish and less likely the method is to be hacked in a </div><div class="gmail_extra">way that destroys the legal chain of evidence and trust. <br><br>This applies only to a "static" disk not a live system that</div><div class="gmail_extra">is under attack or under mixed control by good and bad</div><div class="gmail_extra">guys (and more?).</div><div class="gmail_extra"><br></div><div class="gmail_extra"><br></div><div class="gmail_extra"><br></div><div class="gmail_extra"><br></div><div class="gmail_extra"><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr"> T o m M i t c h e l l</div></div>
</div></div>