Re: An attack on paypal --> secure UI for browsers
Adam Shostack writes:
Actually, most of the features of Nogsuccob are features that I want, like integrity protected, authenticated boot. The problem, bundled with those features, is the ability of the system to attest to its secure boot. This can be fixed by not letting the host know if you've exported its host key or not, which makes it possible to run a virtualized, trusted copy in your emulation environment.
Nothing forces you to tell anyone else that you booted securely. At most someone may offer to give you something in exchange for such a proof, but you're not obligated to take them up on it.

It's not clear what you're getting at about exporting the host key. These systems (TCs) are generally designed to make that difficult or impossible to accomplish. The security of the whole system is built on that assumption. If you actually did manage to pull out the host key then you could make it attest to any falsehood you wanted, although you might get caught eventually.

Trusted Computing lets people convincingly tell the truth about what software they are running. This is seen as a horrific threat in certain circles. It's easy to see why liars wouldn't like it. What does an honest man have to lose?
On 14 Jun 2003, lcs Mixmaster Remailer wrote:
Trusted Computing lets people convincingly tell the truth about what software they are running. This is seen as a horrific threat in certain circles. It's easy to see why liars wouldn't like it. What does an honest man have to lose?
Hmmmm.... Why is it that only liars are proposing it and defenders hide in the anonymous weeds?

Patience, persistence, truth,
Dr. mike
On Sat, Jun 14, 2003 at 11:20:16AM -0000, a Microsoft employee wrote:
| Adam Shostack writes:
|
| > Actually, most of the features of Nogsuccob are features that I
| > want, like integrity protected, authenticated boot. The problem,
| > bundled with those features, is the ability of the system to attest to
| > its secure boot. This can be fixed by not letting the host know if
| > you've exported its host key or not, which makes it possible to run a
| > virtualized, trusted copy in your emulation environment.
|
| Nothing forces you to tell anyone else that you booted securely. At most
| someone may offer to give you something in exchange for such a proof,
| but you're not obligated to take them up on it.

Well, sure. And no one forces me to run Microsoft office, either, except Microsoft's monopoly. And when the document format can phone home to prevent piracy or openoffice from running, no one will be 'obligating' me to pay monopoly rents to Microsoft.

In the same way, no one forces me to have a drivers license. But it's damned hard living life without one.

| It's not clear what you're getting at about exporting the host key.
| These systems (TCs) are generally designed to make that difficult or
| impossible to accomplish. The security of the whole system is built on
| that assumption. If you actually did manage to pull out the host key
| then you could make it attest to any falsehood you wanted, although you
| might get caught eventually.

The security of the system to make attestations is built on that assumption. However, there are other values that a TBC can offer, like secure key storage or trusted boot of a known OS image, that I might like.

My ability to attest to any falsehood is limited by the statements the key is expected to sign. How broad are those? I thought they were quite limited.

| Trusted Computing lets people convincingly tell the truth about what
| software they are running. This is seen as a horrific threat in certain
| circles. It's easy to see why liars wouldn't like it. What does an
| honest man have to lose?

Interoperability.
Fair use.
Market Choice.
Archives.
Control over their own computers.
Ability to decide when to patch.
The ability to run purchased software..
... privately.
... when there are bugs in the license code.
... when the license server or the network is unavailable.

That's off the top of my head.

Adam

--
"It is seldom that liberty of any kind is lost all at once." -Hume
Um, how's that agin? How does Ballmer and Gates force you, Adam Shostack to run Microsoft Office? Did they put a gun to your head? Did they manage to twist Congress's arms to put a gun to your head?

Compatibility you say? Well, that's your choice. You can decide if it's important enough to you and act accordingly.

I personally think MSFT is evil, and provides nothing but mediocre software. So I vote with my wallet by not paying them for their junk and I won't buy upgrades of their software if the previous versions do what I needed, and install Linux and OpenBSD on new machines.

Yes, some of the older shittier machines I have run Windows, but that's because I'm either too lazy to track down drivers for Linux or want them to continue running what they run. Doesn't mean I have to go to XP or 2003.

Yes, my work machine runs win2k, but I didn't pay for it, and I didn't have much choice in it - actually I could either quit and find a new job (really lots of fun in this economy) or reinstall Linux over it and live with Open Office and other open tools or have paid for Crossover office out of my pocket, etc. Wasn't worth the trouble and we already have a site license for win2k + office 2k, so that's the path I went. Not my money, the company's money. They chose to pay the Redmond Beast, so what do I care?

But for home use, I have no real use for much more than OpenOffice and Linux. There's no need for me to pirate garbage from Microsoft. I can live without it.

These are some old pentium1- 100Mhz notebook machines I have that came with Windows 95 and 98 - turd OS's really, but they serve a purpose - mp3 players and light web surfing in my living room and other places for example. And before you ask, no, I didn't pirate the mp3's. They're all ripped from CD's that I owned, and I still have the CD's as proof of ownership.

Yes, I could go to linux on them, but why bother wasting half a day tracking down drivers and tuning kernels for them when they're already built and working the way I want them to?

So why do you feel it's required of you to either pay Microsoft for, or pirate Office XP and Server 2003 and TCPA enabled junkware? What's so important that you can't live without them.

----------------------Kaos-Keraunos-Kybernetos---------------------------
 + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of   /|\
  \|/  :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\
<--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech.  \/|\/
  /|\  :Found to date: 0. Cost of war: $800,000,000,000 USD.         \|/
 + v + : The look on Sadam's face - priceless!
--------_sunder_@_sunder_._net_------- http://www.sunder.net ------------

On Sat, 14 Jun 2003, Adam Shostack wrote:
Well, sure. And no one forces me to run Microsoft office, either, except Microsoft's monopoly. And when the document format can phone home to prevent piracy or openoffice from running, no one will be 'obligating' me to pay monopoly rents to Microsoft.
<SNIP>
In the same way, no one forces me to have a drivers license. But it's damned hard living life without one.
<SNIP>
participants (4)
- Adam Shostack
- lcs Mixmaster Remailer
- Mike Rosing
- Sunder