-----BEGIN PGP SIGNED MESSAGE-----
At the last meeting references were made to processors which only execute encrypted code. Decryption occurs on chip.
If each chip has a unique public/secret key pair, and executes authenticated code only, there are some interesting implications.
Let's see... What about this scenario: Alice gets a contraband copy of PGP 4.0 off the Internet. Since the public-key algorithm is publicized so that people can encrypt software to a chip, PGP 4.0 has the ability to encode/decode/generate keys for the chip. Alice generates a public key/private key pair 0x12345678, in software. Alice goes to www.microsoft.com and orders Office '99 online, and tells Microsoft "Hi, my name is Alice, my credit card number is 31426436136778 and my PGPentium's public key is 0x12345678." Microsoft unwittingly sends Alice a copy encrypted to 0x12345678, for which she has the private key to. Alice decrypts Office '99, and reencrypts it with public key of her PGPentium, as well as the keys f all her friends. Does the authentication defeat this? Our computers would only run software from Microsoft? Scary. - -- Ben Byer root@bushing.plastic.crosslink.net I am not a bushing -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQB1AwUBMrn3V7D5/Q37XXHFAQFuVAMAg90hbta98fduPUdvneYYbfZe4v+9fsmc rSyYYStamC/mX8Mr2BRJVtNlOoWLkALhfPcnF0tKL5cVBTgufVlZRyJBc5KypkeZ q/hyIupaA4aETwALBlEdZ+3k1eOKiE6L =nGsN -----END PGP SIGNATURE-----