Seth Schoen posts paper on "trusted computing"

Udhay Shankar N udhay at pobox.com
Mon Oct 6 01:44:27 EDT 2003


via boingboing:

http://boingboing.net/2003_10_01_archive.html#106512302120071226

EFF's Trusted Computing white-paper

My colleague Seth Schoen has finished his long-awaited, brilliant 
white-paper on Trusted Computing. Seth has been briefed as an outside 
technical analyst by all the companies working of Trusted Computing 
architecture, and has had his paper vetted by some of the leading security 
experts in the field. This is the most exhaustive, well-reasoned, balanced 
analysis of Trusted Computing you can read today. Don't miss it.

Remote attestation is the most significant and the most revolutionary of 
the four major feature groups described by Microsoft. Broadly, it aims to 
allow "unauthorized" changes to software to be detected. If an attacker has 
replaced one of your applications, or a part of your operating system with 
a maliciously altered version, you should be able to tell. Because the 
attestation is "remote", others with whom you interact should be able to 
tell, too. Thus, they can avoid sending sensitive data to a compromised 
system. If your computer should be broken into, other computers can refrain 
from sending private information to it, at least until it has been fixed. 
While remote attestation is obviously useful, the current TCG approach to 
attestation is flawed. TCG attestation conspicuously fails to distinguish 
between applications that protect computer owners against attack and 
applications that protect a computer against its owner. In effect, the 
computer's owner is sometimes treated as just another attacker or adversary 
who must be prevented from breaking in and altering the computer's software.

link: http://www.eff.org/Infra/trusted_computing/20031001_tc.php

-- 
((Udhay Shankar N)) ((udhay @ pobox.com)) ((www.digeratus.com))

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list