[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Restricted storage

From: Michal Suchanek
Subject: Re: Restricted storage
Date: Wed, 7 Jun 2006 23:42:54 +0200

On 6/6/06, Jonathan S. Shapiro <address@hidden> wrote:
On Tue, 2006-06-06 at 17:29 +0200, Michal Suchanek wrote:
> On 6/1/06, Jonathan S. Shapiro <address@hidden> wrote:
> > On Thu, 2006-06-01 at 22:26 +0200, Michal Suchanek wrote:
> > > I would say that in the other case the TC is the weak link....
> >
> > What empirical evidence can you offfer to support this assumption? It
> > seems very unlikely on many grounds.
> In the end, the TC keys are still managed by an administrator. The set
> of reliable administrators is zero (you said that :).

Actually, this need not be true. It is possible (on top of TC) to
construct a keying system in which the administrator does not manage the
keys -- or at least: can manage them only in "opaque" form in a way that
does not permit them to be used or inspected.

oh, so you argue that if TC is reliable it can make TC reliable?

Would  they use chips from another vendor for that, or their own chips?

> Even if you verify some chips, there is no guarantee that they will not
> - start producing a new revision
> - give away keys to sign something else than the chips

There is no "guarantee". However, the financial incentives *not* to do
this are *extremely* powerful.

One of the recurring problems with security schemes in general is
incentives. In practice, they often rely on some party to preserve some
property or secret, but in reality it is not financially in the
interests of that party to actually preserve it. At best, people get
lazy about such commitments. At worst, they break them explicitly.

One of the things about TC that is good (from an engineering
perspective) is that the financial incentives of the TC chip vendors
align with the protection that the TC vendors must preserve.

I would think the same applies to CAs.

I'm not saying "TC is good" here. I'm simply saying that this particular
aspect of TC was engineered well and realistically.

> Plus there is the problem of signing all those chips. How whould an US
> chip maufacturer manage that? Will they have the chips signed in
> Taiwan and China, or will they first get all the zillions of chips
> transported to the US and sign them there?

The chips are not signed, so this is not an issue.

How do you tell they are the genuine chips then?

> Now in case of TC it either works for everybody or it fails for
> everybody (or at least a substantial part of the world).

This is not entirely true. If a single TC chip vendor is compromised,
then the chips supplied by that vendor "die" but chips supplied by other
vendors remain just as "safe" as they were before.

In the eyes of the user, this is no worse than having a shipment of
motherboards all of which are bad. For example, a very large number of
motherboards shipped a few years ago from a certain vendor in Taiwan.
These boards contained counterfit capacitors, *all* of which failed in
the field and required a motherboard replacement.

Losing the keys for a particular TPM chip does not appear (to me) to
have any worse impact than that. No better, certainly, but no worse.

Given that there is about a half dozen chip vendors compromising one
of them would have much greater impact. Moreover, the capacitors only
stopped working, and a few boards at a time. Compromising the chips
would completetly break the security of a large number of systems at
once. Even systems that do not use the chips directly but rely
(relied) on them to attest remote parties.



reply via email to

[Prev in Thread] Current Thread [Next in Thread]