John Gilmore writes: > > I am aware of, Direct Anonymous Attestation proposed for the Trusted > > Computing group, http://www.zurich.ibm.com/security/daa/ . > > > DAA provides > > optionally unlinkable credential showing and relies on blacklisting to > > counter credential sharing. > > Hmm, why doesn't this blacklisting get mentioned in IBM's DAA page?
They don't use that term, rather they refer to "rogue" TPMs. This means TPM keys which have been compromised in some way. The implication is that such keys would, once identified, be shut out from the system, and presumably this would be done by a blacklist. > What sort of blacklist would this be? What actions would being listed > on it trigger? I don't think the operational details of this are worked out, but I don't follow this area closely. No doubt this is part of why none of these systems have been fielded. (Computers do get sold with TPMs in them but the enormous infrastructure envisioned by the Trusted Computing group is not in place.) In principle, if your TPM's key got put on this blacklist, it would prevent you from access to whatever resources require a valid TPM. What resources those might be would depend on how and where this technology is used, if it ever is. But having a blacklisted TPM would be like not having a TPM at all, in terms of access to network resources. It may be a little more complex than this, because the DAA protocol has a couple of different modes in which it may be used. Rather than a global blacklist, each TPM-requiring service might maintain its own local blacklist of rogue TPM identifiers. Actually I would expect there to be both kinds of blacklists: a global one based on TPM private keys which have been scraped and published; and a local one based on TPM public identifiers (zeta^f values where f is the TPM private key and zeta is a unique per-site constant) that the site decides are being used suspiciously often, suggesting that they are being shared by a group. Hal Finney --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
