An attack on paypal --> secure UI for browsers

lcs Mixmaster Remailer mix at anon.lcs.mit.edu
Sat Jun 14 04:20:16 PDT 2003


Adam Shostack writes:

> Actually, most of the features of Nogsuccob are features that I 
> want, like integrity protected, authenticated boot.  The problem, 
> bundled with those features, is the ability of the system to attest to 
> its secure boot.  This can be fixed by not letting the host know if 
> you've exported its host key or not, which makes it possible to run a 
> virtualized, trusted copy in your emulation environment. 

Nothing forces you to tell anyone else that you booted securely.  At most
someone may offer to give you something in exchange for such a proof,
but you're not obligated to take them up on it.

It's not clear what you're getting at about exporting the host key.
These systems (TCs) are generally designed to make that difficult or
impossible to accomplish.  The security of the whole system is built on
that assumption.  If you actually did manage to pull out the host key
then you could make it attest to any falsehood you wanted, although you
might get caught eventually.

Trusted Computing lets people convincingly tell the truth about what
software they are running.  This is seen as a horrific threat in certain
circles.  It's easy to see why liars wouldn't like it.  What does an
honest man have to lose?




