On Tue, Mar 28, 2000 at 04:16:39PM -0500, Peter Gutmann wrote: > (For people who don't know what EMBASSY is, it's a kind of combination of > Clipper and DIVX, although recently they've tried to deemphasise this since > noone was buying it - see earlier posts to cypherpunks on this topic. Maybe > the press release wasn't by Wave after all but set up by Intel to make their > PIII serial number look good in comparison). I couldn't find the earlier posts on this subject. A search for "embassy and wave" at http://www.inet-one.com/cypherpunks/ produced only one relevant result. There is some technical information about EMBASSY at http://www.wave.com/technology/embassytc3.html. It certainly looks very, very bad. Look at this section for example: Each EMBASSY is loaded prior to shipment with a unique triplet of DES keys in the cryptographic module. The cryptographic module is protected by a state machine to guarantee secure storage of the secret keys of each EMBASSY. Keys may be loaded into the unit and used to cipher data and keys, but there is no facility to read keys out of the key memory. (end quote) So Wave wants to have secret keys embeded in every computer that only they have access to. How could this possibly contribute to "security and privacy"? (And there is much more. Read the document and find out for your self.) I've already decided not to buy anything from Intel again (more because of their lack of driver support than anything else). If AMD really follows though on this deal I'm going to have a really hard time buying my next computer.
