Adam Back writes:
> So there are practical limits stemming from realities to do with code
> complexity being inversely proportional to auditability and security,
> but the extra ring -1, remote attestation, sealing and integrity
> metrics really do offer some security advantages over the curre
At 07:30 PM 8/12/2002 +0100, Adam Back wrote:
>(Tim Dierks: read the earlier posts about ring -1 to find the answer
>to your question about feasibility in the case of Palladium; in the
>case of TCPA your conclusions are right I think).
The addition of an additional security ring with a secured, p
At 09:07 PM 8/12/2002 +0100, Adam Back wrote:
>At some level there has to be a trade-off between what you put in
>trusted agent space and what becomes application code. If you put the
>whole application in trusted agent space, while then all it's
>application logic is fully protected, the danger
--
On 12 Aug 2002 at 16:32, Tim Dierks wrote:
> I'm sure that the whole system is secure in theory, but I
> believe that it cannot be securely implemented in practice and
> that the implied constraints on use & usability will be
> unpalatable to consumers and vendors.
Or to say the same thing
I think you are making incorrect presumptions about how you would use
Palladium hardware to implement a secure DRM system. If used as you
suggest it would indeed suffer the vulnerabilities you describe.
The difference between an insecure DRM application such as you
describe and a secure DRM appl
Peter Biddle, Brian LaMacchia or other Microsoft employees could
short-cut this guessing game at any point by coughing up some details.
Feel free guys... enciphering minds want to know how it works.
(Tim Dierks: read the earlier posts about ring -1 to find the answer
to your question about feasib
Adam Back writes:
> +---++
> | trusted-agent | user mode |
> |space | app space |
> |(code ++
> | compartment) | supervisor |
> | | mode / OS |
> +---++
> | ring -1 / TOR |
> +-
On Mon, Aug 12, 2002 at 01:52:39PM +0100, Ben Laurie wrote:
> AARG!Anonymous wrote:
> > [...]
> > What Palladium can do, though, is arrange that the app can't get at
> > previously sealed data if the OS has meddled with it. The sealing
> > is done by hardware based on the app's hash. So if the O
AARG!Anonymous wrote:
> Adam Back writes:
>
>>I have one gap in the picture:
>>
>>In a previous message in this Peter Biddle said:
>>
>>
>>>In Palladium, SW can actually know that it is running on a given
>>>platform and not being lied to by software. [...] (Pd can always be
>>>lied to by HW - w
