On Dec 16, 2003, at 5:14 PM, David Wagner wrote:
Jerrold Leichter wrote:
We've met the enemy, and he is us. *Any* secure computing kernel
that can do
the kinds of things we want out of secure computing kernels, can also
do the
kinds of things we *don't* want out of secure computing kernels.
I
I agree with everything you say, David, until here.
As for remote attestion, it's true that it does not directly let a
remote
party control your computer. I never claimed that. Rather, it enables
remote parties to exert control over your computer in a way that is
not possible without remote at
I must confess I'm puzzled why you consider strong authentication
the same as remote attestation for the purposes of this analysis.
It seems to me that your note already identifies one key difference:
remote attestation allows the remote computer to determine if they wish
to speak with my machine
You may want to look at EAP-PAX. We tried to engineer around the
patent land mines in the field when we designed it. This of course
doesn't mean that someone won't claim it infringes on something.
We also have a proof (not yet published) of security in a random
oracle model.
Best, Bill
p
On Sep 12, 2007, at 1:56 AM, Aram Perez wrote:
The IronKey appears to provide decent security while it is NOT
plugged into a PC. But as soon as you plug it in and you have to
enter a password to unlock it, the security level quickly drops.
This would be the case even if they supported Mac