[118516] in Cypherpunks
Re: Postulates for "trusted"/"maliced" soft and hard ware
daemon@ATHENA.MIT.EDU (David Honig)
Thu Sep 30 14:23:52 1999
Date: Thu, 30 Sep 1999 13:55:52 -0400
Message-Id: <3.0.5.32.19990930104736.007d1460@pop.sprynet.com>
From: David Honig <honig@sprynet.com>
To: Multiple recipients of list <cypherpunks@openpgp.net>
Content-Type: text/plain; charset="us-ascii"
Reply-To: David Honig <honig@sprynet.com>
At 08:11 PM 9/29/99 -0400, William H. Geiger III wrote:
>Well a fab is not needed to trust the chips. I have been thinking about
>this quite a bit with the recent discussions on Intel's RNG. If the CPU is
>open sourced then all that is needed is a lab with equipment to examine
>the chips to see if what the fab is producing matches what's in the
>published specs. Granted this is beyond my capabilities but is a less
>expensive proposal than producing one's own chips.
Yep.
Chipworks.com does this.
Prediction: The security-hardware industry will eventually
support a cryptoHW UL lab, much as someone from the l0pht suggested
a crypto software UL lab. A civilian, US-independent version of the
ISSO. (Note that the NSA/ISSO is organizing about 7 "certified assurance"
labs (in the US) to outsource (control?) security evals. That's too much
tentacle for many to stomache.)
