RE: [Nea] heads-up on distsec

["Blumenthal, Uri" <uri.blumenthal at intel.com>]

>On Sun, 19 Mar 2006, Thomas Hardjono wrote:
>> My personal opinion on this matter is that something trustworthy
needs to
>> attest to the goodness (trustworthiness) the NEA Client code/binary.
This
>> in-turn requires something that malicious code cannot modify (namely
trusted
>> hardware).
>
>Is it enough to have trusted NEA client code?  The client will collect 
>information from the programs, file systems, and/or the kernel.  So, 
>each of those (except maybe the programs themselves) would need to be 
>"trusted".

Probably not - but NEA client code can have secure "anchors" - and that
would be enough by any standard.

>I'm personally a bit skeptical how we could get there, given that 
>kernels will always have bugs, etc.

There are other things. E.g. TPM...

>Of course, security mechanisms don't necessarily need to be perfect; 
>getting e.g., 95% assurance might be enough, given that's acceptable 
>for your threat model..

There's that too.

_______________________________________________
Nea mailing list
Nea at ietf.org
https://www1.ietf.org/mailman/listinfo/nea