Laurence Lundblade <[email protected]> wrote: >> Yes, the way in which the Evidence is relayed is vendor proprietary, >> but the the Evidence and/or Attestation Results are then relayed to an >> external verifier.
> I don’t know anything about router architecture, but do about mobile
> phone architecture which I consider a candidate for composite
> attestation.
> A mobile phone based on a chip like a Qualcomm Snapdragon has many
> subsystems. Something like this: - A TEE and/or HW root of trust,
> perhaps controlled by the chip vendor, not the phone vendor - A Secure
Laurence, the key point which you missed communicating, is whether or not all
these subsystems produce evidence which is either:
a) evaluated by other subsystems, so never leves the device, and is not
subject to standardization. (As Gyan has suggested)
-or-
b) collected by other subsystems and then sent off the device to a Verifier
for evaluation.
--
Michael Richardson <[email protected]> . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
_______________________________________________ Gen-art mailing list [email protected] https://www.ietf.org/mailman/listinfo/gen-art
