Dave Korn wrote:
> Ian Farquhar wrote:
>> Maybe I am showing my eternal optimist side here, but to me, this is 
>> how TPM's should be used, as opposed to the way their backers 
>> originally wanted them used.  A removable module whose connection to a 
>> device I establish (and can de-establish, assuming the presence of a 
>> tamper-respondent barrier such as a sensor-enabled computer case to 
>> legitimize that activity) is a very useful thing to me, as it 
>> facilitates all sorts of useful applications.  [...]

> If you can remove it, what's to stop you plugging it into another machine and 
> copying all
> your DRM-encumbered material to that machine?
> It's supposed to identify the machine, not the user.  Sounds to me like what 
> you want is a 
> personally identifying cert that you could carry around on a usb key...

Nothing, but you missed my point.  I'm not interested in the DRM functionality, 
or user-removability.  My point was to look
beyond that original remit.

Specifically, a module which supports authenticated physical removal (with a 
programmed tamper response) *is* useful, especially
for server applications. (*)  Smartcards and "secure" USB devices might be 
useful for other applications, but not the one I was
describing, because they lack a tamper response.

Note I'm also saying "programmable tamper response".  Although I like the idea 
of wiping keys on tamper response, it's not
necessarily the ideal response.  A better possibility (in certain 
circumstances) is the device entering a "lockdown" mode with
selected and modelled reduced functionality.  Examples of such circumstances 
are where the tamper might be triggerable
maliciously, thus facilitating a DoS attack against the service. 


(*) And isn't it interesting how so many "desktop" systems are now starting to 
run application mixes which really look like

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to