Difference between TCPA-Hardware and a smart card (was: example: secure computing kernel needed)
Ben Laurie
ben at algroup.co.uk
Sat Dec 20 13:38:16 EST 2003
Carl Ellison wrote:
> We see here a difference between your and my sides of the Atlantic. Here in
> the US, almost no one has a smart card.
>
> Of those cards you carry, how many are capable of doing public key
> operations? A simple memory smartcard doesn't count for what we were
> talking about.
I don't know. If you can tell me how to find out, I'd be happy to
investigate. I have quite a few that are no longer needed, so
destructive investigation is possible :-)
BTW, I forgot the two smartcards that are used by my Sky satellite TV stuff.
> There are other problems with doing TCPA-like operations with a smartcard,
> but I didn't go into those. The biggest one to chew on is that I, the
> computer owner, need verification that my software is in good shape. My
> agent in my computer (presumably the smartcard) needs a way to examine the
> software state of my computer without relying on any of the software in my
> computer (which might have been corrupted, if the computer's S/W has been
> corrupted). This implies to me that my agent chip needs a H/W path for
> examining all the S/W of my computer. That's something the TPM gives us
> that a smartcard doesn't (when that smartcard goes through a normal device
> driver to access its machine).
I'm not arguing with this - just the economic argument about number of
smartcards.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list