On Tue, Dec 20, 2016 at 04:24:37PM -0500, Jean-Philippe Ouellet wrote:
> On Tue, Dec 20, 2016 at 10:22 AM, wrote:
> > it wouldn't require external services like TOTP and other variations.
>
> The reason TOTP isn't useful is not specifically becaus
On Tue, Dec 20, 2016 at 10:22 AM, wrote:
> it wouldn't require external services like TOTP and other variations.
The reason TOTP isn't useful is not specifically because it requires
an external service, but because the passphrase to be used on the next
boot is not known the previous time the com
On Tue, Dec 20, 2016 at 4:09 PM, Jean-Philippe Ouellet wrote:
> It does now somehow detect that your computer has been evil-maided, nor
> prevent it from being so.
"does now" should be "does not"
It's been a rough day >_>
On Tue, Dec 20, 2016 at 4:00 PM, Jean-Philippe Ouellet wrote:
> Unless you can come up with some cryptographically-sound way to
> integrate the information provided by a 2nd factor as a hard
> requirement to complete the secrets-unsealing-at-boot process, then
> the evil-maided computer could simp
If I understand correctly, it would be completely useless.
The point of AEM is ultimately to somehow authenticate the computer to
the user, rather than the more common direction of authenticating the
identity of a user to the computer (which IIUC is all that U2F can
provide, where in the U2F case
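As an added illustration (not code from this thread, and not Qubes AEM's own implementation), the following is a simplified software model of the "secrets-unsealing-at-boot" step the messages above refer to. It shows the direction of authentication the thread describes: a secret is sealed against the expected boot measurements, and it is only released (so the user can recognise it) when the machine that boots produces the same measurements; a tampered boot chain yields nothing. It also makes the TOTP point concrete: the value that gets sealed has to be fixed when the seal is created, so it is a pre-agreed secret, not something whose next-boot value is unknown ahead of time. The PCR-extend rule follows the TPM convention, but the storage root key, the key derivation, the component strings and the `seal`/`unseal` helpers are constructed for this example; a real TPM uses its own key hierarchy and policy machinery, which this model does not reproduce.

```python
import hashlib
import hmac
import os

PCR_SIZE = 32  # SHA-256 sized register, as in a TPM 2.0 SHA-256 bank


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: new PCR = H(old PCR || H(measurement)).

    Order matters and the register cannot be rolled back, so any change in
    any measured component produces a different final value.
    """
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()


def measure_boot(components) -> bytes:
    """Measure a boot chain component by component into a fresh PCR."""
    pcr = bytes(PCR_SIZE)
    for component in components:
        pcr = pcr_extend(pcr, component)
    return pcr


def _keystream(key: bytes, length: int) -> bytes:
    """HMAC counter-mode keystream; a stand-in for a TPM's symmetric primitive."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _derive_key(srk: bytes, pcr: bytes, nonce: bytes) -> bytes:
    # The key is bound to the PCR value: a different boot state gives a different key.
    return hmac.new(srk, b"aem-seal" + pcr + nonce, hashlib.sha256).digest()


def seal(secret: bytes, expected_pcr: bytes, srk: bytes) -> dict:
    """Seal a fixed secret to the boot state expected on future boots."""
    nonce = os.urandom(16)
    key = _derive_key(srk, expected_pcr, nonce)
    ciphertext = bytes(a ^ b for a, b in zip(secret, _keystream(key, len(secret))))
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    # Note: the expected PCR is deliberately not stored in the blob.
    return {"nonce": nonce, "ciphertext": ciphertext, "tag": tag}


def unseal(blob: dict, current_pcr: bytes, srk: bytes):
    """Release the secret only if the current boot state matches the sealed one.

    Returns None when the measurements differ (e.g. a tampered bootloader),
    because the derived key, and hence the tag, will not verify.
    """
    key = _derive_key(srk, current_pcr, blob["nonce"])
    expected_tag = hmac.new(key, blob["nonce"] + blob["ciphertext"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected_tag, blob["tag"]):
        return None
    ct = blob["ciphertext"]
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, len(ct))))


# Constructed boot chains for the demonstration.
GOOD_BOOT = [b"firmware-v1", b"bootloader-v1", b"hypervisor-v1"]
TAMPERED_BOOT = [b"firmware-v1", b"bootloader-TAMPERED", b"hypervisor-v1"]
SRK = b"constructed-storage-root-key"  # placeholder for a TPM-resident key


def aem_demo():
    """Seal once on a known-good machine, then try to unseal on two boots."""
    secret = b"the phrase only my laptop knows"  # fixed at seal time
    blob = seal(secret, measure_boot(GOOD_BOOT), SRK)
    shown_on_good_boot = unseal(blob, measure_boot(GOOD_BOOT), SRK)
    shown_on_tampered_boot = unseal(blob, measure_boot(TAMPERED_BOOT), SRK)
    return shown_on_good_boot, shown_on_tampered_boot


if __name__ == "__main__":
    good, tampered = aem_demo()
    print("good boot shows:    ", good)
    print("tampered boot shows:", tampered)
```

The user checks the displayed phrase before typing anything, which is what authenticates the computer to the user; a second factor of the U2F or TOTP kind authenticates in the opposite direction and, on its own, does not change what `unseal` returns.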