remote-attestation is not required (Re: The bank fraud blame game)

Adam Back adam at cypherspace.org
Tue Jul 3 08:21:57 EDT 2007


I do not believe the mentioned conflict exists.  The aim of these
calculator-like devices is to make sure that no malware, virus etc can
create unauthorized transactions.  The user should still be able to
debug, and inspect the software in the calculator-like device, or
virtual software compartment, just that installation of software or
upgrades into that area should be under direct explicit user control.
(eg with BIOS jumper required to even make any software change!)

The ring -1 and loss-of-control aspects of TPM are different, they are
saying that you are not really root on your own machine anymore!  In
the sense that if you do load under a debugger the remote party can
tell this and refuse to talk with you.

This remote attestation feature is simply not required for
user-centric, user-controlled security.

Adam

On Sun, Jul 01, 2007 at 11:09:16PM -0400, Leichter, Jerry wrote:
> | something like a palm pilot, with screen and input and a reasonably
> | trustworthy OS, along with (as you say) the appropriate UI investment.
> You do realize that you've just come down to what the TPM guys want to
> build?  (Of course, much of the driving force behind having TPM comes
> from a rather different industry.  We're all happy when TPM can be
> used to ensure that our banking transactions actually do what the bank
> says it will do for a particular set of instructions issued by us and
> no one else, not so happy when they ensure that our "music transactions"
> act the same way....)
> 
> Realistically, the only way these kinds of devices could catch on would
> be for them to be standardized.  No one would be willing to carry one
> for their bank, another for their stock broker, a third for their
> mortgage holder, a fourth for their credit card company, and so on.
> But once they *are* standardized, almost the same potential for
> undesireable uses appears as for TPM's.  What's to prevent the movie
> download service requiring that you present your Universal Safe Access
> Fob before they authorize you to watch a movie?  If the only significant
> differences between this USAF and TPM is that the latter is more
> convenient because more tightly tied to the machine, we might as well
> have the convenience.
> 
> (This is why I find much of the discussion about TPM so surreal.  The
> issue isn't the basic technology, which one way or another, in some form,
> is going to get used.  It's how we limit the potential misuses....)

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list