Thank you very much, Hal, for the answers. The code at privaca website is
certainly going to be useful for me.

Regards,
Amruta

On Wed, Jan 20, 2010 at 2:04 PM, Hal Finney <[email protected]> wrote:

> Hi Amruta - answers inline:
>
> On Sun, Jan 17, 2010 at 3:07 PM, Amruta Gokhale
> <[email protected]> wrote:
> > Thank you for pointing me to a very useful description about the
> > verification of quote
> > operation.
> >
> > I am sorry about asking doubts on an old thread, but I still have two
> > questions:
> >
> > 1) The verifier should have the RSA public signing key for verifying the
> > signature
> > over the rgbData buffer. So is it okay if the prover(or the attesting
> party)
> > sends the
> > public key to the verifier? Will this be in accordance with the IMA
> > protocol?
> > Since the prover creates a new key pair each time via
> Tspi_Key_CreateKey(),
> > I suppose the only way for the verifier to know this public key is by
> > receiving it from
> > the prover. Or is there another way?
>
> I think generally you are right, the prover will generate the RSA
> signing key and will distribute it. He may send it directly to the
> verifier or he may publish it in some form, to make it available to
> other verifiers for example. It depends on how many provers and
> verifiers you would envision in the system.
>
> > 2) It follows from (1) above that there should be a central authority(CA)
> to
> > verify the key.
> > The communication with the CA would incur more work, both for the prover
> and
> > verifier.
> > Is there an efficient way than this to implement?
>
> Yes, the TCG assumes that AIKs suitable for issuing Quote operations
> would be verified by a CA which they call a Privacy CA. TPMs implement
> a protocol that lets a CA verify that a particular key is controlled
> by a TPM. This protocol allows the Privacy CA to issue a certificate
> on the AIK certifying that it is a valid TPM key.
>
> It is true that this may incur more work. However if the key is used
> many times, perhaps by many verifiers, it can be more efficient to
> just have the key checked once using the TPM protocol (which is rather
> complicated). As long as everyone trusts the Privacy CA then it is
> quick and easy to verify the certificates it issues and know that the
> Quote signing key is a valid TPM key.
>
> It is also possible for verifiers and signers to run the TPM protocol
> directly between themselves, in order to prove that the AIK is a real
> TPM key. This way no one has to trust the Privacy CA.
>
> I wrote some code to illustrate these two possibilities which is
> available from http://www.privacyca.com/code.html .
>
> Hal Finney
>
------------------------------------------------------------------------------
Throughout its 18-year history, RSA Conference consistently attracts the
world's best and brightest in the field, creating opportunities for Conference
attendees to learn about information security's most important issues through
interactions with peers, luminaries and emerging and established companies.
http://p.sf.net/sfu/rsaconf-dev2dev
_______________________________________________
TrouSerS-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/trousers-users

Reply via email to