[EROS-Arch] Re: [E-Lang] Re: Interaction Design for End-User Security
John C. Randolph
jcr@idiom.com
Thu, 22 Mar 2001 09:40:43 -0800
On Thursday, March 22, 2001, at 08:35 AM, wojtek@ifirma.pl wrote:
>
> You are right. I get it. Let me think it over again.
>
> This problem might be reduced to: verify what you boot.
>
> But wait a minute, there is an option, unfortunately quite hard to
> implement: boot from the token. It would require two things to be put on a
> token: 1. bootstrap 2. kernel signature. Then the bootstrap would only load
> the kernel from hard drive and verify its signature. Then the kernel would
> be responsible for verifying signatures of software it loads. The trusted
> set of certificates might reside on the token. Let's also grant that the
> bootstrap and your OS vendor cert are always read-only.
>
> Do you find this possible? Anything wrong in this scenario?
It's not hard to find devices that would serve as a physical token, and
give you four megs or so of storage.
Shoot, you could even use an IBM microdrive, and carry a whole gig
around with your car keys.
-jcr
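The boot-from-token chain sketched in the quoted message (bootstrap and kernel signature on a read-only token, the bootstrap checking the on-disk kernel, the kernel then checking every module against the token-resident certificate set) is easy to simulate end to end. The following is an added example written for this archive page; it is not code from either poster or from EROS. It models the token and the disk as plain Go structs, stands in for "certificates" with raw Ed25519 public keys, signs SHA-256 digests of images, and constructs a vendor key, a rogue key and a few sample images inline; all of those names and the `Token`/`Disk`/`Boot` helpers are this example's own assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Token models the read-only token from the proposal: the bootstrap lives on
// it (here, the Bootstrap function), together with the kernel signature and
// the trusted certificate set, simplified to raw Ed25519 public keys.
type Token struct {
	KernelSig   []byte
	TrustedKeys []ed25519.PublicKey
}

// SignedModule is a loadable image stored on the untrusted disk next to its
// detached signature.
type SignedModule struct {
	Name  string
	Image []byte
	Sig   []byte
}

// Disk models the hard drive, which nothing in the scheme trusts: the kernel
// image and modules are only accepted after a signature check.
type Disk struct {
	Kernel  []byte
	Modules []SignedModule
}

var ErrUntrusted = errors.New("signature does not verify under any trusted key")

// NewKeyPair generates an Ed25519 key pair (vendor or attacker, for the demo).
func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// SignImage signs the SHA-256 digest of an image, so large images are hashed
// once rather than fed whole to the signature scheme.
func SignImage(priv ed25519.PrivateKey, image []byte) []byte {
	d := sha256.Sum256(image)
	return ed25519.Sign(priv, d[:])
}

// verifyAny accepts an image if its signature verifies under any trusted key.
func verifyAny(keys []ed25519.PublicKey, image, sig []byte) error {
	d := sha256.Sum256(image)
	for _, k := range keys {
		if ed25519.Verify(k, d[:], sig) {
			return nil
		}
	}
	return ErrUntrusted
}

// Bootstrap runs from the token: it loads the kernel from disk and refuses to
// continue unless the token-resident signature matches what it read.
func Bootstrap(tok Token, d Disk) ([]byte, error) {
	if err := verifyAny(tok.TrustedKeys, d.Kernel, tok.KernelSig); err != nil {
		return nil, fmt.Errorf("bootstrap: kernel rejected: %w", err)
	}
	return d.Kernel, nil
}

// Boot runs the whole chain. A kernel failure aborts before any module is
// looked at; otherwise the (verified) kernel checks each module against the
// same trusted set and reports what it loaded and what it refused.
func Boot(tok Token, d Disk) (loaded, rejected []string, err error) {
	if _, err = Bootstrap(tok, d); err != nil {
		return nil, nil, err
	}
	for _, m := range d.Modules {
		if verifyAny(tok.TrustedKeys, m.Image, m.Sig) != nil {
			rejected = append(rejected, m.Name)
			continue
		}
		loaded = append(loaded, m.Name)
	}
	return loaded, rejected, nil
}

func main() {
	// Constructed sample: one vendor key the token trusts, one it does not.
	vendorPub, vendorPriv := NewKeyPair()
	_, roguePriv := NewKeyPair()
	kernel := []byte("kernel-image-v1")
	fs, evil := []byte("fs-module"), []byte("keylogger")
	tok := Token{KernelSig: SignImage(vendorPriv, kernel),
		TrustedKeys: []ed25519.PublicKey{vendorPub}}
	d := Disk{Kernel: kernel, Modules: []SignedModule{
		{"fs", fs, SignImage(vendorPriv, fs)},
		{"evil", evil, SignImage(roguePriv, evil)},
	}}
	loaded, rejected, err := Boot(tok, d)
	fmt.Println("loaded:", loaded, "rejected:", rejected, "err:", err)
	d.Kernel = append([]byte("X"), kernel[1:]...) // tamper with the on-disk kernel
	_, _, err = Boot(tok, d)
	fmt.Println("tampered kernel ->", err)
}
```

Two things the simulation makes visible that the prose only implies: the disk holds signatures for modules but never for the kernel, whose signature must come from the token or the chain has no anchor; and the chain protects only what it verifies, so whatever runs before the bootstrap (the firmware that decides to boot from the token at all) is outside it, which is exactly the "verify what you boot" problem the message is reacting to.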