On 08/09/12 23:00, Hal Finney wrote: > http://www.finney.org/~hal/privacyca/code.html#getcert > > is some code I wrote a few years ago to use Trousers to read the EK cert.
Hal, your collection of tools seems like exactly what I've been looking for, thanks for sharing! Having that figured out, another question is how to automatize the process of verifying the cert chain? So, how to write a Privacy CA-kind of service in practice? Is there a list of all the root certs that are used for signing all the EKs? I would expect TCG to maintain such a list perhaps, no? Similarly, is there any way to automatically get all the intermediate certs? Or, perhaps there are already some commercial Privacy CA services out there? I don't really look for fancy stuff like DAA, just a standard, yet reliable way to certify that an AIK is indeed a TPM-generated one. Something that would work for a broad range of TPMs, not just for one vendor. Thanks, joanna.
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________ tboot-devel mailing list tboot-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tboot-devel
