Cryptographic privacy protection in TCPA
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Thu Aug 29 22:35:07 PDT 2002

Nomen Nescio <nobody at dizum.com> writes:
>If a key is misused, i.e. "scraped" out of the TPM and used to create a
>virtualized, rule-breaking software TPM, it can be revoked. This means that
>all the TPMs that share that one key lose the use of that key. But it doesn't
>matter much, because they each have many more they can use. Since it is
>expected that only a small percentage of TPMs will ever need their keys
>revoked, most TPMs should always have plenty of keys to use.

I designed something along these lines some years ago as a way of building a
fault-tolerant key management system. The idea is that you create a pile of
keys, and these vote on key updates. If a key is compromised, you sign its
replacement with a quorum of non-compromised keys, and replace the bad key.
You also periodically roll over keys as a preventive measure, limiting
exposure due to compromises. No need for a PKI or anything else complex like
that, it's all automatic and transparent.

There can be slight problems if a device stays offline long enough that enough
keys have been rolled over to make reaching a quorum impossible, which was an
issue when I designed the thing but rather unlikely now. I can dig up the
exact details in case anyone's interested.

Peter.
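
A sketch of the quorum-voted key replacement described in the message above, including the offline-device failure it mentions. This is an added example, not Peter Gutmann's design or code (the post gives no details of it); the 3-of-5 threshold, the use of HMAC as a stand-in for signatures, the constructed keys and all function names are assumptions.

```python
import hashlib
import hmac

QUORUM = 3  # assumed threshold; the post does not state one

def fresh_key(label):
    # Constructed, deterministic sample keys so the example is repeatable.
    return hashlib.sha256(b"constructed:" + label.encode()).digest()

def vote(key, slot, new_key):
    # HMAC stands in for a signature over "replace `slot` with `new_key`".
    msg = slot.to_bytes(2, "big") + new_key
    return hmac.new(key, msg, hashlib.sha256).digest()

def make_update(keys, slot, new_key, signers):
    # Issuer side: the listed key slots vouch for the replacement.
    votes = {s: vote(keys[s], slot, new_key) for s in signers}
    return {"slot": slot, "new_key": new_key, "votes": votes}

def apply_update(keys, update):
    # Device side: install the new key only if a quorum of keys the device
    # already holds vouch for it. The key being replaced gets no vote.
    slot, new_key = update["slot"], update["new_key"]
    valid = sum(
        1 for s, tag in update["votes"].items()
        if s != slot and s in keys
        and hmac.compare_digest(tag, vote(keys[s], slot, new_key)))
    if valid < QUORUM:
        return False
    keys[slot] = new_key
    return True

def demo():
    issuer = {i: fresh_key(f"k{i}") for i in range(5)}
    device, stale = dict(issuer), dict(issuer)
    # Key 0 is compromised: replace it with votes from keys 1, 2 and 3.
    upd = make_update(issuer, 0, fresh_key("k0-v2"), [1, 2, 3])
    issuer[0] = upd["new_key"]
    replaced = apply_update(device, upd)
    # The holder of the scraped old key 0 tries to replace key 1 alone.
    scraped = {0: fresh_key("k0")}
    forged_ok = apply_update(device, make_update(scraped, 1, fresh_key("attacker"), [0]))
    # Keys 1 and 2 are rolled over too. `stale` was offline for all three
    # updates and sees only the last one, voted by the issuer's current keys.
    for slot in (1, 2):
        others = [s for s in issuer if s != slot]
        upd = make_update(issuer, slot, fresh_key(f"k{slot}-v2"), others)
        issuer[slot] = upd["new_key"]
        apply_update(device, upd)
    return replaced, forged_ok, apply_update(stale, upd), device == issuer
```

`demo()` returns `(True, False, False, True)`: the quorum-voted replacement is accepted, the single-key forgery is rejected, the stale device can verify only two of the four votes and so cannot reach quorum, and the online device ends up in step with the issuer.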