RE: [Nea] heads-up on distsec



Hi,

On Sun, 19 Mar 2006, Thomas Hardjono wrote:
> My personal opinion on this matter is that something trustworthy needs to
> attest to the goodness (trustworthiness) of the NEA Client code/binary. This
> in turn requires something that malicious code cannot modify (namely trusted
> hardware).

Is it enough to have trusted NEA client code? The client will collect information from the programs, file systems, and/or the kernel. So, each of those (except maybe the programs themselves) would need to be "trusted".


I'm personally a bit skeptical how we could get there, given that kernels will always have bugs, etc.

Of course, security mechanisms don't necessarily need to be perfect; getting e.g., 95% assurance might be enough, given that's acceptable for your threat model.

(That was one of the reasons why distsec was refined to also look at minimizing the effect and maximizing the detection of a security breach that's bound to happen sooner or later.)

--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

_______________________________________________
Nea mailing list
Nea at ietf.org
https://www1.ietf.org/mailman/listinfo/nea



