[12459] in cryptography@c2.net mail archive
DRM with remote attestation (Re: A talk on Intellectual Property and National Defense)
daemon@ATHENA.MIT.EDU (Adam Back)
Tue Feb 4 20:26:32 2003
X-Original-To: cryptography@wasabisystems.com
X-Original-To: cryptography@wasabisystems.com
Date: Tue, 4 Feb 2003 22:16:50 +0000
From: Adam Back <adam@cypherspace.org>
To: "Trei, Peter" <ptrei@rsasecurity.com>
Cc: Dave Farber <dave@farber.net>,
"'Adam Shostack'" <adam@homeport.org>, cryptography@wasabisystems.com
In-Reply-To: <F504A8CEE925D411AF4A00508B8BE90A04D4A5AD@exna07.securitydynamics.com>; from ptrei@rsasecurity.com on Tue, Feb 04, 2003 at 12:36:25PM -0500
No that's not the way it would work.
There would be a secure remote attestation certified by the
endoresment key which is signed by the hw manufacturer and never
leaves the device. Bound to this attestation would be a key exchange
which results the device negotiating a shared key with the music
server. The music server keys would be sealed with keys derived from
your current software state (OS, BIOS etc).
Then you can boot anyway you like, online or offline, just if you ever
boot without the right state the TPM can't recompute the sealing keys
and so you can't access data sealed under that state.
Adam
--
(Personal comments only)
On Tue, Feb 04, 2003 at 12:36:25PM -0500, Trei, Peter wrote:
> 'secure remote attestation that the boot
> sequence was followed'
>
> seems to imply that a net connection back
> to Hollywood would be required to boot.
>
> 'All your computer are belong to us'.
>
> Peter Trei
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
