[11585] in cryptography@c2.net mail archive


Re: Cryptographic privacy protection in TCPA

daemon@ATHENA.MIT.EDU (Peter Gutmann)
Fri Aug 30 10:56:09 2002

Date: Fri, 30 Aug 2002 17:35:07 +1200 (NZST)
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: cryptography@wasabisystems.com, cypherpunks@lne.com,
	nobody@dizum.com

Nomen Nescio <nobody@dizum.com> writes:

>If a key is misused, i.e. "scraped" out of the TPM and used to create a
>virtualized, rule-breaking software TPM, it can be revoked.  This means that
>all the TPMs that share that one key lose the use of that key. But it doesn't
>matter much, because they each have many more they can use. Since it is
>expected that only a small percentage of TPMs will ever need their keys
>revoked, most TPMs should always have plenty of keys to use.

I designed something along these lines some years ago as a way of building a
fault-tolerant key management system.  The idea is that you create a pile of
keys, and these vote on key updates.  If a key is compromised, you sign its
replacement with a quorum of non-compromised keys, and replace the bad key.
You also periodically roll over keys as a preventive measure, limiting
exposure due to compromises.  No need for a PKI or anything else complex like
that, it's all automatic and transparent.

There can be slight problems if a device stays offline long enough that enough
keys have been rolled over to make reaching a quorum impossible, which was an
issue when I designed the thing but rather unlikely now.  I can dig up the
exact details in case anyone's interested.

Peter.


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
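
The quorum-voted key replacement described in the message above, as an added sketch; it is not part of the original post and not the author's actual design, whose details the post does not give. The pool of five keys, the quorum of three, the record format and all names are assumptions, and HMAC-SHA256 stands in for a public-key signature so the block runs with the standard library alone.

```python
import hashlib, hmac, os
QUORUM = 3  # assumed threshold; the post does not give one

def key_id(key):
    return hashlib.sha256(key).hexdigest()[:16]

def sign(key, msg):
    # HMAC stands in for a public-key signature (stdlib only).
    return hmac.new(key, msg, hashlib.sha256).digest()

def make_update(old, new, signers):
    # Constructed record format: retire `old`, install `new`, one vote per signer.
    msg = b"replace|" + key_id(old).encode() + b"|" + new
    return {"old": key_id(old), "new": new,
            "votes": {key_id(k): sign(k, msg) for k in signers}}

class Device:
    def __init__(self, keys):
        self.trusted = {key_id(k): k for k in keys}

    def apply(self, upd):
        msg = b"replace|" + upd["old"].encode() + b"|" + upd["new"]
        # Only already-trusted keys vote; the key being replaced gets no vote.
        valid = sum(1 for kid, sig in upd["votes"].items()
                    if kid != upd["old"] and kid in self.trusted
                    and hmac.compare_digest(sig, sign(self.trusted[kid], msg)))
        if upd["old"] not in self.trusted or valid < QUORUM:
            return False
        del self.trusted[upd["old"]]
        self.trusted[key_id(upd["new"])] = upd["new"]
        return True

def simulate():
    keys = [os.urandom(32) for _ in range(5)]
    online, offline = Device(keys), Device(keys)
    # keys[0] is compromised: its holder alone cannot vote another key out.
    forged_ok = online.apply(make_update(keys[1], os.urandom(32), [keys[0]]))
    current, history = list(keys), []
    for _ in range(4):  # replace keys[0], then roll over three more keys
        new = os.urandom(32)
        upd = make_update(current[0], new, current[1:])
        history.append(online.apply(upd))
        current = current[1:] + [new]
    # The offline device missed three updates and knows only one signer of the last.
    stale_ok = offline.apply(upd)
    return forged_ok, history, stale_ok

if __name__ == "__main__":
    print(simulate())
```

The last result is the offline case the message mentions: after four replacements only one of the device's original keys is still signing, so the latest update cannot reach quorum on that device.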
