l4-hurd

Re: Broken dream of mine :(


From: Arne Babenhauserheide
Subject: Re: Broken dream of mine :(
Date: Mon, 21 Sep 2009 14:49:46 +0200
User-agent: KMail/1.12.1 (Linux/2.6.30-hh2; KDE/4.3.1; x86_64; ; )

On Monday, 21 September 2009 13:34:00, Michal Suchanek wrote:
> 2009/9/21 Sam Mason <address@hidden>:
> > On Mon, Sep 21, 2009 at 12:19:05PM +0200, Michal Suchanek wrote:
> >> The problem is that if you get a version of either kernel that does
> >> not lie to the process, and you can verify that with some scheme
> >> involving TPM or similar you can now make application that refuses to
> >> run unless it has access to true opaque memory.
> >
> > I thought the point of TPM was that the kernel can't lie, or rather if
> > it does then you can trivially find out that it has.  You end up getting
> > a signature of the programs in the TCB and hence you can allow your
> > code to run only if you know that this set of processes are known to be
> > "good".
> 
> You can verify what kernel you are running with TPM. If you separately
> verify that certain kernel (bit image) does not lie and you can verify
> that you are running that kernel then you can believe it does not lie.

Differently put: You can make sure that there were _no_ modifications. 

Now this means, if there's a bugfix, we would first have to update every 
client's "good bit image list", before we can update the server to the new 
kernel, else the clients will effectively be locked out (and will want their 
money back). 

Now imagine this as general protection measure for the whole internet. What 
will be the mean retardation of security updates? -> How long is the minimum 
time I have to exploit a weakness? 

And in the end you'll have to trust the one who provides you with the list of 
good bit images - and you require everyone who wants to communicate with you 
to first supply his bit image to the trusted bit image provider - who's likely 
to charge a nice price for his service (at least as soon as the system is 
established). 

Means: We'd just put a cost tag on any private modification. If the image list 
provider would do real testing (require the source code, check it, build it on 
the same machine, ...) that price tag would be enormously big. 

Best wishes, 
Arne

--- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---
A man is threatened with a knife on the street. 
Two policemen are there at once and hold a banner in front of it. 

        "Illegal scene. Nobody may see this."

The man is robbed, stabbed and bleeds to death, 
because the policemen both have their hands full. 

Welcome to Germany. Censorship is beautiful. 
                      (http://draketo.de)
--- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---
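
The rollout constraint described in the message above, as an added example (not part of the original message and not a real TPM API): clients accept a server only if its kernel digest is on their "good bit image" list, and the code reports who is locked out and how long the server has to stay on the unpatched kernel. Client names, list-update days and image bytes are constructed, and a SHA-256 of the image stands in for a TPM-reported measurement.

```python
import hashlib
from dataclasses import dataclass, field

def measure(image: bytes) -> str:
    """Digest of a kernel bit image (assumed stand-in for a TPM measurement)."""
    return hashlib.sha256(image).hexdigest()

@dataclass
class Client:
    name: str
    list_update_day: int  # day this client receives a new good-image list (constructed)
    good_images: set = field(default_factory=set)

    def accepts(self, measurement: str) -> bool:
        # Exact match only: any modification, a bugfix included, changes the digest.
        return measurement in self.good_images

def locked_out(clients, server_image: bytes):
    """Names of clients that would refuse a server running server_image."""
    m = measure(server_image)
    return sorted(c.name for c in clients if not c.accepts(m))

def plan_rollout(clients, new_image: bytes, patch_day: int):
    """(earliest lockout-free upgrade day, days the server stays on the old kernel)."""
    m = measure(new_image)
    pending = [c.list_update_day for c in clients if not c.accepts(m)]
    upgrade_day = max([patch_day] + pending)
    return upgrade_day, upgrade_day - patch_day

def distribute(clients, image: bytes, today: int):
    """Add the image's digest to every client whose list update has arrived by today."""
    for c in clients:
        if c.list_update_day <= today:
            c.good_images.add(measure(image))

# Constructed sample data
OLD_KERNEL = b"kernel-image-v1 (constructed, contains the bug)"
NEW_KERNEL = b"kernel-image-v1 plus bugfix (constructed)"

def demo():
    clients = [Client("alice", 1), Client("bob", 3), Client("carol", 14)]
    for c in clients:
        c.good_images.add(measure(OLD_KERNEL))
    before = locked_out(clients, NEW_KERNEL)         # patched server on day 0
    plan = plan_rollout(clients, NEW_KERNEL, patch_day=0)
    distribute(clients, NEW_KERNEL, today=3)
    partial = locked_out(clients, NEW_KERNEL)        # patched server on day 3
    return before, plan, partial

if __name__ == "__main__":
    print(demo())
```

The slowest client's list update sets the upgrade day, so the second value returned by `plan_rollout` is the time the known bug stays deployed if no client may be locked out.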

Attachment: signature.asc
Description: This is a digitally signed message part.

