Hi Alan,

Slight segue..
On 30.06.21 15:38, Alan DeKok wrote:
> If the answer is "use TPM", then that doesn't meet people's existing needs. It will also take many years for it to become standardized, much less ubiquitous. As an example, here's an EAP / TPM paper from 2010: https://www.semanticscholar.org/paper/EAP-TPM-%3A-A-New-Authentication-Protocol-for-IEEE-.-Latze/6d755cf4d1ac1da25c8d02a2e5cba56212149d69
I think we have to be a bit careful about using the term "TPM". What we care about are trust anchors, credentials, and operations on those. Those objects might be stored in TPMs, but it seems to me that the protocol does not need to be aware of that.
If we can be crisper on both the operations and the objects, I think we'll do better. Some of that is on us with a TEAP update, but I think there's also a discussion to be had about that.
It's the T part of TEAP that is emphasized in the current work. The operations and objects beyond that are underdeveloped. That has to be a lot cleaner as we move forward.
Eliot
_______________________________________________ Emu mailing list [email protected] https://www.ietf.org/mailman/listinfo/emu
