On Mon, Sep 21, 2009 at 02:49:46PM +0200, Arne Babenhauserheide wrote:
> Now imagine this as general protection measure for the whole internet.

The point I was trying to make is that this doesn't work for "the whole internet". This is for a small, mostly homogeneous set of systems and you want to be sure of what code they're running. These computers may indeed be connected over the internet and hence be in different administrative domains. TPM helps to make sure the admins are honest, but as they have the hardware there's always the chance they could physically alter the hardware in ways that it doesn't notice. Non-physical attacks should be prevented though.

--
Sam http://samason.me.uk/
