grub-devel

Re: TPM support status ?


From: Duboucher Thomas
Subject: Re: TPM support status ?
Date: Wed, 19 Aug 2009 21:16:21 +0200
User-agent: Thunderbird 2.0.0.22 (Windows/20090605)


Vladimir 'phcoder' Serbinenko wrote:
> But why does a third instance (manufacturer) need to trust my key?
> Only one: he wants a control.

I don't see where the TPME needs to trust the EKP in the specification.

>> Also, most of the time, the reset operation is disabled by the TPME.
> This is a problem (again): you can't make the TPM behave like you want.

Yep, but why would you allow resetting the EKP? You can reset everything
else because you may need to, but it's no use resetting the EKP.

>> It _can't_ be used for other operations iirc.
> Checking you use windows?

Not the TPM, only a ***** BIOS and a ***** manufacturer (which can base
their scheme on TPM). We saw this in the past, but we didn't need a
TPM for that, only human mind. :|

> The argument was "TPM aren't opposite of freedom".

This was the idea, not the argument.

> Why wouldn't he connect a hardware keylogger (price about $100,
> reusable) or change keyboard firmware. Neither is detectable by TPM.

Because sometimes the security isn't only reduced to a passphrase.
Sometimes tokens have their uses.

> I don't believe it to be wonderful in anything except giving
> impression of security. Increase of $100 is a gain but if your data is
> worth less than that your laptop will be stolen for hardware and not
> data.

> If this measure didn't come with the risk of losing freedom I would be
> for its inclusion but with warnings in manual that it provides no real
> security (I wouldn't have spent time coding it though, neither would I
> have used it). But considering the price (freedom) I reject it.
> You lose the freedom the moment when you go in prison cell and someone
> is able to close it regardless whether he actually closes it or not -
> he has you at his mercy.

Don't you think it isn't even worth working on?