full-disk subversion standards released
Kent Yoder
shpedoikal at gmail.com
Thu Mar 5 13:13:46 EST 2009
Hi Peter,
>>Apart from the obvious fact that if the TPM is good for DRM then it is also
>>good for protecting servers and the data on them,
>
> In which way, and for what sorts of "protection"? And I mean that as a
> serious inquiry, not just a "Did you spill my pint?" question. At the moment
> the sole significant use of TPMs is Bitlocker, which uses it as little more
> than a PIN-protected USB memory key and even then functions just as well
> without it. To take a really simple usage case, how would you:
>
> - Generate a public/private key pair and use it to sign email (PGP, S/MIME,
> take your pick)?
I had this working using openCryptoki, the trousers TSS and Mozilla
Thunderbird on openSUSE Linux. If the setup instructions aren't in
the various readmes of those projects I can help you set it up if
you'd like.
> - As above, but send the public portion of the key to someone and use the
> private portion to decrypt incoming email?
A simple PKCS#11 app to extract the public key is all that's needed
with the above tools.
> (for extra points, prove that it's workable by implementing it using an actual
> TPM to send and receive email with it, which given the hit-and-miss
Done. :-) Last time I tested this it worked fine... Circa 2006...
Kent
> functionality and implementation quality of TPMs is more or less a required
> second step). I've implemented PGP email using a Fortezza card (which is
> surely the very last thing it was ever intended for), but not using a TPM...
>
>>Mark Ryan presented a plausible use case that is not DRM:
>>http://www.cs.bham.ac.uk/~mdr/research/projects/08-tpmFunc/.
>
> This use is like the joke about the dancing bear, the amazing thing isn't the
> quality of the "dancing" but the fact that the bear can "dance" at all :-).
> It's an impressive piece of lateral thinking, but I can't see people rushing
> out to buy TPM-enabled PCs for this.
>
> Peter.
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
>
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list