Hi Alex

Thank you for the "lame-ass question". I'm not a specialist in computer 
security, I'm just beginning to learn. I just asked this "lame-ass" question to 
have a feedback and see in what direction my studies must go. So, in the future 
try to be more compassionate with beginners, please.

With the answers I've got from the mailing list, now I have:
  - List of books for this subject.
  - What would be my main problems.
  - Good starting points for my reflexions.

Therefore, instead of being rude with me, you can give some other advice (books 
or ideas).

For comming back on Christoph's mail, C will offer a good service. But for that 
C have to provide a good general purpose hardware. Even if you offer a good 
service, you'll always have people taking this good hardware for free while not 
using it with C products. Just imagine you own a tennis court and give rackets 
for free to your customers (marketing practice). People will just come to your 
company once and then go to another tennis court with the racket you gave them. 
Won't you try to protect yourself against that? 

Alex was right when he said the thread is dead. Now I have all the information 
I need to start to study on my own. Thanks for the helpfull answers you sent me.

Have a good day.

PS: If you (Alex) are a highly skilled person in security, could you explain me 
why I received this mail? Good demonstration of trusted path, isn't it?


Quoting Alex Russell <[EMAIL PROTECTED]>:

> I think the thread is dead. The orginal poster has been removed from
> the
> list (Dave does that to people who ask lame-ass questions).
> 
> You're right, the business model he was proposing was all kinds of
> dumb.
> It's been tried before and works marginally (if at all). The guy didn't
> have
> a threat model in place, an acceptable attrition rate for hardware, or
> a
> real definition of what he wanted his hardware to be trusted
> for/against. If
> you can't trace a path of trust through a system, it's security value
> is
> dubious to say the least, and this guy didn't seem to understand what
> a
> trust path even implied.
> 
> Alex
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
> 
> ----- Original Message -----
> From: "Christoph Plattner" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>
> Sent: Monday, June 25, 2001 4:28 PM
> Subject: Re: MUSCLE Disk encryption and more
> 
> 
> > Ok, it's offtopic here, but I don't think, it is a good idea
> > to use such policy. Why to protect such thing ??
> >
> > A good policy is to setup a box and to have a model earning
> > money on services not on the boxes or the system (linux).
> >
> > The user can do what ever he/she wants to do, if the user
> > disconfigured the system, it his personal problem. Or it is
> > a good idea to do a protection (check) over the configuration.
> >
> > But the user has to pay for services, C offers ...
> >
> > With friendly regards
> > Christoph P.
> >
> >
> >
> > Patrick Valsecchi wrote:
> > >
> > > Hi
> > >
> > > My company is working for another company (let call it C) that is
> going
> to
> > > provide Linux boxes to its customers. As C is going to give them
> free or
> for a
> > > small fee, C doesn't want the customers to use the boxes for
> another
> purpose
> > > that the one specified by C.
> > >
> > > C doesn't want the user to be able to:
> > >   - run another kernel than the one S provides
> > >   - run executables that have not been signed by authorized
> developpers
> or that
> > > have been modified (signed executables)
> > >   - change or alter the dynamic libraries (signed .so files)
> > >   - have access to the binary of some executables (for avoiding
> reverse
> > > engineering)
> > >   - save a file and give the disk to a friend (encrypted files, but
> I
> need to
> > > be fast on read and write, here)
> > >
> > > All that by using:
> > >   - a SmartCard
> > >   - a modified kernel
> > >   - a specialised hardware for encryption
> > >   - maybe a modified loader (lilo)
> > >
> > > And that mustn't be just simple tricks, we must protect those
> boxes
> against
> > > very skilled hackers.
> > >
> > > Is there existing projects on those subjects? Is anybody already
> worked
> on it?
> > >
> > > Thanks for your help.
> > >
> > > ---
> > >   -°)                 Patrick Valsecchi
> > >   /\\
> > >  _\_v
> > > ***************************************************************
> > > Linux Smart Card Developers - M.U.S.C.L.E.
> > > (Movement for the Use of Smart Cards in a Linux Environment)
> > > http://www.linuxnet.com/smartcard/index.html
> > > ***************************************************************
> >
> > --
> > -------------------------------------------------------
> > private: [EMAIL PROTECTED]
> > company: [EMAIL PROTECTED]
> > ***************************************************************
> > Linux Smart Card Developers - M.U.S.C.L.E.
> > (Movement for the Use of Smart Cards in a Linux Environment)
> > http://www.linuxnet.com/smartcard/index.html
> > ***************************************************************
> >
> 



---
  -°)                 Patrick Valsecchi
  /\\
 _\_v

***************************************************************
Linux Smart Card Developers - M.U.S.C.L.E.
(Movement for the Use of Smart Cards in a Linux Environment)
http://www.linuxnet.com/smartcard/index.html
***************************************************************

Reply via email to