| |
EFF: Trusted Computing: Promise and Risk
by Decius at 8:45 pm EDT, Oct 2, 2003 |
] Remote attestation works by generating, in hardware, a
] cryptographic certificate attesting to the identity of
] the software currently running on a PC. (There is no
] determination of whether the software is good or bad,
] or whether it is compromised or not compromised.
] "Identity" is represented by a cryptographic hash,
] which simply allows different programs to be
] distinguished from one another, or changes in their
] code to be discerned, without conveying any sort of value
] judgment.) This certificate may, at the PC user's
] request, be provided to any remote party, and in
] principle has the effect of proving to that party that
] the machine is using expected and unaltered software. If
] the software on the machine has been altered, the
] certificate generated will reflect this. We will see
] that this approach, although elegant, proves
] problematic. Software is law. |
EFF: Trusted Computing: Promise and Risk
by bucy at 1:10 pm EDT, Oct 3, 2003 |
] Remote attestation works by generating, in hardware, a
] cryptographic certificate attesting to the identity of
] the software currently running on a PC. (There is no
] determination of whether the software is good or bad,
] or whether it is compromised or not compromised.
] "Identity" is represented by a cryptographic hash,
] which simply allows different programs to be
] distinguished from one another, or changes in their
] code to be discerned, without conveying any sort of value
] judgment.) This certificate may, at the PC user's
] request, be provided to any remote party, and in
] principle has the effect of proving to that party that
] the machine is using expected and unaltered software. If
] the software on the machine has been altered, the
] certificate generated will reflect this. We will see
] that this approach, although elegant, proves
] problematic. READ THIS! |
There is a redundant post from k not displayed in this view.
|
|
