fyi: bear/enforcer open-source TCPA project
Sean Smith
sws at cs.dartmouth.edu
Tue Sep 9 10:13:06 EDT 2003
>
> >How can you verify that a remote computer is the "real thing, doing
> >the right thing?"
>
> You cannot.
Using a high-end secure coprocessor (such as the 4758, but not
with a flawed application) will raise the threshold for the adversary
significantly.
No, there are no absolutes. But there are things you can do.
> The correct security approach is to never give a remote machine
> any data that you don't want an untrusted machine to have.
So you never buy anything online, or use a medical facility
that uses computers?
--
Sean W. Smith, Ph.D. sws at cs.dartmouth.edu
http://www.cs.dartmouth.edu/~sws/ (has ssl link to pgp key)
Department of Computer Science, Dartmouth College, Hanover NH USA
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list