Hi Peter,

>>Apart from the obvious fact that if the TPM is good for DRM then it is also
>>good for protecting servers and the data on them,
>
> In which way, and for what sorts of "protection"? And I mean that as a
> serious inquiry, not just a "Did you spill my pint?" question. At the moment
> the sole significant use of TPMs is Bitlocker, which uses it as little more
> than a PIN-protected USB memory key and even then functions just as well
> without it. To take a really simple usage case, how would you:
>
> - Generate a public/private key pair and use it to sign email (PGP, S/MIME,
> take your pick)?

I had this working using openCryptoki, the trousers TSS and Mozilla Thunderbird on openSUSE Linux. If the setup instructions aren't in the various readmes of those projects I can help you set it up if you'd like.

> - As above, but send the public portion of the key to someone and use the
> private portion to decrypt incoming email?

A simple PKCS#11 app to extract the public key is all that's needed with the above tools.

> (for extra points, prove that it's workable by implementing it using an actual
> TPM to send and receive email with it, which given the hit-and-miss

Done. :-) Last time I tested this it worked fine... Circa 2006...

Kent

> functionality and implementation quality of TPMs is more or less a required
> second step). I've implemented PGP email using a Fortezza card (which is
> surely the very last thing it was ever intended for), but not using a TPM...
>
>>Mark Ryan presented a plausible use case that is not DRM:
>>http://www.cs.bham.ac.uk/~mdr/research/projects/08-tpmFunc/.
>
> This use is like the joke about the dancing bear, the amazing thing isn't the
> quality of the "dancing" but the fact that the bear can "dance" at all :-).
> It's an impressive piece of lateral thinking, but I can't see people rushing
> out to buy TPM-enabled PCs for this.
>
> Peter.
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com