[146763] in cryptography@c2.net mail archive


Re: [Cryptography] Protecting Private Keys

daemon@ATHENA.MIT.EDU (Phillip Hallam-Baker)
Sat Sep 7 16:38:33 2013

X-Original-To: cryptography@metzdowd.com
In-Reply-To: <20130907142052.GA4889@jis.tzo.com>
Date: Sat, 7 Sep 2013 16:30:42 -0400
From: Phillip Hallam-Baker <hallam@gmail.com>
To: "Jeffrey I. Schiller" <jis@mit.edu>
Cc: "cryptography@metzdowd.com" <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

On Sat, Sep 7, 2013 at 10:20 AM, Jeffrey I. Schiller <jis@mit.edu> wrote:

>
> If I was the NSA, I would be scavenging broken hardware from
> “interesting” venues and purchasing computers for sale in interesting
> locations. I would be particularly interested in stolen computers, as
> they have likely not been wiped.
>

+1

And this is why I have been so peeved at the chorus of attack against
trustworthy computing.

All I have ever really wanted from Trustworthy computing is to be sure that
my private keys can't be copied off a server.


And private keys should never be in more than one place unless they are
either an offline Certificate Signing Key for a PKI system or a decryption
key for stored data.

-- 
Website: http://hallambaker.com/
