Difference between TCPA-Hardware and a smart card (was:example: secure computing kernel needed)

Ian Grigg iang at systemics.com
Sat Dec 20 12:15:51 EST 2003


Anne & Lynn Wheeler wrote:
> At issue in business continuity are business requirements for things like
> no single point of failure,  offsite storage of backups, etc. The threat
> model is 1) data in business files can be one of its most valuable assets,
> 2) it can't afford to have unauthorized access to the data, 3) it can't
> afford to loose access to data, 4) encryption is used to help prevent
> unauthorized access to the data, 5) if the encryption keys are protected by
> a TCPA chip, are the encryption keys recoverable if the TCPA chip fails?

You may have hit upon something there, Lynn.

One of the (many) reasons that PKI failed is
that businesses simply don't outsource trust.

If the use of TCPA is such that the business
must trust in its workings, then it can fairly
easily be predicted that it won't happen.  For
business, at least (that still leaves retail
and software sales based on IP considerations).

It is curious that in the IT trust business,
there seems to be a continuing supply of
charlatan ventures.  Even as news of PKI
slinking out of town reaches us, people are
lining up to buy tickets for the quantum
crypotagraphy miracle cure show and bottles
of the new wonder TCPA elixir.

iang

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list