Ed Reed wrote: >There are many business uses for such things, like checking to see >if locked down kiosk computers have been modified (either hardware >or software),
I'm a bit puzzled why you'd settle for detecting changes when you can prevent them. Any change you can detect, you can also prevent before it even happens. So the problem statement sounds a little contrived to me -- but I don't really know anything about kiosks, so maybe I'm missing something. In any case, this is an example of an application where owner-directed remote attestation suffices, so one could support this application without enabling any of the alleged harms. (See my previous email.) In other words, this application is consistent with an "Owner Override". >verifying that users have not excercised their god-given >right to install spy-ware and viruses (since they're running with >administrative priviledges, aren't they?), It sounds like the threat model is that the sysadmins don't trust the users of the machine. So why are the sysadmins giving users administrator or root access to the machine? It sounds to me like the real problem here is a broken security architecture that doesn't match up to the security threat, and remote attestation is a hacked-up patch that's not going to solve the underlying problems. But that's just my reaction, without knowing more. In any case, this application is also consistent with owner-directed remote attestation or an "Owner Override". >and satisfying a consumer >that the server they're connected to is (or isn't) running software >that >records has adequate security domain protections to protect the users >data (perhaps backup files) the user entrusts to the server. If I don't trust the administrators of that machine to protect sensitive data appropriately, why would I send sensitive data to them? I'm not sure I understand the threat model or the problem statement. But again, this seems to be another example application that's compatible with owner-directed remote attestation or an "Owner Override". Summary: None of these applications require full-strength (third-party-directed) remote attestation. It seems that an "Owner Override" would not disturb these applications. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
