[144348] in cryptography@c2.net mail archive


Re: full-disk subversion standards released

daemon@ATHENA.MIT.EDU (Kent Yoder)
Thu Mar 5 14:43:16 2009

In-Reply-To: <E1LTtFA-0001wP-Bi@wintermute01.cs.auckland.ac.nz>
Date: Thu, 5 Mar 2009 12:13:46 -0600
From: Kent Yoder <shpedoikal@gmail.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
Cc: ben@links.org, cryptography@metzdowd.com, gnu@toad.com, 
	smb@cs.columbia.edu, tls@rek.tjls.com

Hi Peter,

>>Apart from the obvious fact that if the TPM is good for DRM then it is also
>>good for protecting servers and the data on them,
>
> In which way, and for what sorts of "protection"? And I mean that as a
> serious inquiry, not just a "Did you spill my pint?" question. At the moment
> the sole significant use of TPMs is Bitlocker, which uses it as little more
> than a PIN-protected USB memory key and even then functions just as well
> without it. To take a really simple usage case, how would you:
>
> - Generate a public/private key pair and use it to sign email (PGP, S/MIME,
>   take your pick)?

  I had this working using openCryptoki, the trousers TSS and Mozilla
Thunderbird on openSUSE Linux.  If the setup instructions aren't in
the various readmes of those projects I can help you set it up if
you'd like.

> - As above, but send the public portion of the key to someone and use the
>   private portion to decrypt incoming email?

  A simple PKCS#11 app to extract the public key is all that's needed
with the above tools.

> (for extra points, prove that it's workable by implementing it using an actual
> TPM to send and receive email with it, which given the hit-and-miss

  Done. :-)  Last time I tested this it worked fine...  Circa 2006...

Kent

> functionality and implementation quality of TPMs is more or less a required
> second step). I've implemented PGP email using a Fortezza card (which is
> surely the very last thing it was ever intended for), but not using a TPM...
>
>>Mark Ryan presented a plausible use case that is not DRM:
>>http://www.cs.bham.ac.uk/~mdr/research/projects/08-tpmFunc/.
>
> This use is like the joke about the dancing bear, the amazing thing isn't the
> quality of the "dancing" but the fact that the bear can "dance" at all :-).
> It's an impressive piece of lateral thinking, but I can't see people rushing
> out to buy TPM-enabled PCs for this.
>
> Peter.
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
>
