Dell to Add Security Chip to PCs

Anne & Lynn Wheeler lynn at garlic.com
Fri Feb 4 13:12:59 EST 2005


Erwann ABALEA wrote:
> I've read your objections. Maybe I wasn't clear. What's wrong in
> installing a cryptographic device by default on PC motherboards?
> I work for a PKI 'vendor', and for me, software private keys is a
> nonsense. How will you convince "Mr Smith" (or Mme Michu) to buy an
> expensive CC EAL4+ evaluated token, install the drivers, and solve the
> inevitable conflicts that will occur, simply to store his private key? You
> first have to be good to convince him to justify the extra expense.
> If a standard secure hardware cryptographic device is installed by default
> on PCs, it's OK! You could obviously say that Mr Smith won't be able to
> move his certificates from machine A to machine B, but more than 98% of
> the time, Mr Smith doesn't need to do that.
> 
> Installing a TCPA chip is not a bad idea. It is as 'trustable' as any
> other cryptographic device, internal or external. What is bad is accepting
> to buy a software that you won't be able to use if you decide to claim
> your ownership... Palladium is bad, TCPA is not bad. Don't confuse the
> two.

the cost of EAL evaluation typically has already been amortized across
a large number of chips in the smartcard market. the manufacturing cost
of such a chip is pretty proportional to the chip size ... and the thing
that drives chip size tends to be the amount of eeprom memory.

in tcpa track at intel developer's forum a couple years ago ... i gave a 
talk and claimed that i had designed and significantly cost reduced such 
a chip by throwing out all features that weren't absolutely necessary 
for security. I also mentioned that two years after i had finished such 
a design ... that tcpa was starting to converge to something similar. 
the head of tcpa in the audience quipped that i didn't have a committee
of 200 helping me with the design.


---------------------------------------------------------------------
The Cryptography Mailing List