Thoughts on droplets

Ben Laurie ben@algroup.co.uk
Wed, 03 Nov 1999 12:13:59 +0000


shapj@us.ibm.com wrote:
> 
> > How do we ascertain that it is, in fact, running on tamper-proof
> > hardware?
> 
> You engage in a challenge/response protocol with the tamperproof card.  How
> the card verifies that a proper OS is running on proper hardware is
> something I cannot comment on at this time.

Presumably the "proper hardware" must also be tamperproof (or some vital
parts of the OS must run on tamperproof hardware).

I see two interesting issues here:

1) There ain't no such thing as tamperproof hardware (so far, but I
don't see how there will be in the nearish future, either).

2) There's an interesting bootstrapping problem: presumably the
tamperproof hardware generates the key after manufacture (else it can be
stolen). Someone then has to take the corresponding public key and sign
and circulate it. Using another tamperproof key (and a pile of
tamperproof hardware). I see two problems, firstly the infinite
regression involved, but that can be broken by having one (or a few)
"high-confidence" keys (i.e. keys that _may_ have been tampered with but
we're pretty sure haven't). But that leads to another problem: we have
to trust a smallish number of people who a) have us all over a barrel
(and hence can't be trusted), and b) probably work for the NSA (and
hence can't be trusted).

Cheers,

Ben.


--
http://www.apache-ssl.org/ben.html

"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
     - Indira Gandhi