Thoughts on droplets

Ben Laurie ben@algroup.co.uk
Tue, 02 Nov 1999 22:50:12 +0000


shapj@us.ibm.com wrote:
> 
> > That was the obvious answer. But how do you protect the private key from
> > abuse?
> 
> That's what the tamper-proof hardware is for.  I'm missing something.

What you are missing (or I am) is that you neglected to mention that
tamper-proof hardware was involved (or I missed you mentioning it).
Clearly it's trivial to trust software that runs on tamper-proof
hardware.

Ah, right. I remember now. We were talking about trusting a _remote_
system. How do we ascertain that it is, in fact, running on tamper-proof
hardware? Or are you going to say that the software is burnt into the
tamper-proof hardware, and therefore cannot run on anything else, and
hence all we need to do is verify that the software is the software we
think it is (and make sure no-one ever manages to get an image [oops,
major security hole here])?

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html

"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
     - Indira Gandhi