On Jan 9, 2013, at 1:18 PM, Leo Bicknell <bickn...@ufp.org> wrote: > In a message written on Wed, Jan 09, 2013 at 06:39:28PM +0100, Mikael > Abrahamsson wrote: >> IPMI is exactly what we're going for. > > For Vendors that use a "PC" motherboard, IPMI would probably not be > difficult at all! :) > > I think IPMI is a pretty terrible solution though, so if that's your > target I do think it's a step backwards. Most IPMI cards are prime > examples of my worries, Linux images years out of date, riddled with > security holes and universally not trusted. You're going to need a > "firewall" in front of any such solution to deploy it, so you can't > really eliminate the extra box I proposed just change its nature. >
https://www.schneier.com/blog/archives/2013/01/the_eavesdroppi.html --Steve Bellovin, https://www.cs.columbia.edu/~smb