Dave Korn wrote: > Ian Farquhar wrote: >> Maybe I am showing my eternal optimist side here, but to me, this is >> how TPM's should be used, as opposed to the way their backers >> originally wanted them used. A removable module whose connection to a >> device I establish (and can de-establish, assuming the presence of a >> tamper-respondent barrier such as a sensor-enabled computer case to >> legitimize that activity) is a very useful thing to me, as it >> facilitates all sorts of useful applications. [...]
> If you can remove it, what's to stop you plugging it into another machine and > copying all > your DRM-encumbered material to that machine? > > It's supposed to identify the machine, not the user. Sounds to me like what > you want is a > personally identifying cert that you could carry around on a usb key... Nothing, but you missed my point. I'm not interested in the DRM functionality, or user-removability. My point was to look beyond that original remit. Specifically, a module which supports authenticated physical removal (with a programmed tamper response) *is* useful, especially for server applications. (*) Smartcards and "secure" USB devices might be useful for other applications, but not the one I was describing, because they lack a tamper response. Note I'm also saying "programmable tamper response". Although I like the idea of wiping keys on tamper response, it's not necessarily the ideal response. A better possibility (in certain circumstances) is the device entering a "lockdown" mode with selected and modelled reduced functionality. Examples of such circumstances are where the tamper might be triggerable maliciously, thus facilitating a DoS attack against the service. Ian. (*) And isn't it interesting how so many "desktop" systems are now starting to run application mixes which really look like servers? --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
