Hi Peter,

>> Apart from the obvious fact that if the TPM is good for DRM then it is also
>> good for protecting servers and the data on them,
>
> In which way, and for what sorts of protection? And I mean that as a
> serious inquiry, not just a "Did you spill my pint?" question. At the moment
> the sole significant use of TPMs is Bitlocker, which uses it as little more
> than a PIN-protected USB memory key and even then functions just as well
> without it. To take a really simple usage case, how would you:
>
> - Generate a public/private key pair and use it to sign email (PGP, S/MIME,
> take your pick)?

I had this working using openCryptoki, the trousers TSS and Mozilla
Thunderbird on openSUSE Linux. If the setup instructions aren't in
the various readmes of those projects I can help you set it up if
you'd like.

> - As above, but send the public portion of the key to someone and use the
> private portion to decrypt incoming email?

A simple PKCS#11 app to extract the public key is all that's needed
with the above tools.

> (for extra points, prove that it's workable by implementing it using an actual
> TPM to send and receive email with it, which given the hit-and-miss

Done. :-) Last time I tested this it worked fine... Circa 2006...

Kent

> functionality and implementation quality of TPMs is more or less a required
> second step). I've implemented PGP email using a Fortezza card (which is
> surely the very last thing it was ever intended for), but not using a TPM...
>
>> Mark Ryan presented a plausible use case that is not DRM:
>> http://www.cs.bham.ac.uk/~mdr/research/projects/08-tpmFunc/.
>
> This use is like the joke about the dancing bear, the amazing thing isn't the
> quality of the dancing but the fact that the bear can dance at all :-).
> It's an impressive piece of lateral thinking, but I can't see people rushing
> out to buy TPM-enabled PCs for this.
>
> Peter.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com