New DoD encryption mandate
Ivan Krstić
krstic at solarsail.hcs.harvard.edu
Sun Aug 19 20:14:08 EDT 2007
On Aug 19, 2007, at 12:13 PM, Ali, Saqib wrote:
> On if MS provided some way to manage them centrally. Using an encrypted
> DB to manually store the keys in it, is simply not feasible.
Your argument just went from "TPMs are bad for volume encryption with
BitLocker because they can't be centrally managed" to "Microsoft
should provide tools to centrally manage key recovery files because I
find doing it myself too hard". Which are you actually arguing? I've
tried to show you that the first argument is _wrong_; the second
argument has nothing to do with TPMs. You have a choice when it comes
to how you approach the recovery keyfile problem. You can build tools
for it, or any company that perceives a market need can do so.
--
Ivan Krstić <krstic at solarsail.hcs.harvard.edu> | http://radian.org