[147273] in cryptography@c2.net mail archive


Re: [Cryptography]

daemon@ATHENA.MIT.EDU (Jerry Leichter)
Tue Sep 24 09:41:24 2013

X-Original-To: cryptography@metzdowd.com
From: Jerry Leichter <leichter@lrw.com>
In-Reply-To: <523E506D.5040501@comcast.net>
Date: Sun, 22 Sep 2013 17:23:08 -0400
To: "d.nix" <d.nix@comcast.net>
Cc: cypherpunks@cpunks.org, cryptography@metzdowd.com,
	cryptography@randombit.net
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

On Sep 21, 2013, at 10:05 PM, d.nix wrote:
> Hah hah hah. Uh, reading between the lines, color me *skeptical* that
> this is really what it claims to be, given the current understanding
> of things...
> 
> http://www.intel.com/content/www/us/en/enterprise-security/what-is-vpro-technology-video.html
The question isn't whether it's what it claims to be.  It is that.  But is it *more* than it claims to be?

There are a whole bunch of things in recent Intel chips to provide manageability and security.  And there are cases where this is very valuable and necessary - e.g., if you have a large cluster of processors, it's good to be able to remotely configure them no matter what state they are in.  There are many similar examples.  If it's *your* hardware, *your* ability to control it, in detail, is a good thing.  (Yes, if you've been lent the hardware by your employer, it's the *employer* who's the owner, not you, and it's the *employer* who can do what he likes.  This has always been the case to a large degree.  If it makes you uncomfortable - buy your own machine, don't use your work machine for non-work things.)

The *theory* is that the owner can enable or disable these features, and has the keys to access them if enabled.  What we don't know is whether anyone else has a back-door key.  The phrase I always use to describe such situations is "if there's a mode, there's a failure mode".  Such technology could have been present in previous generations of chips, completely invisibly - but it would have required significant effort on Intel's part with no real payback.  But once Intel is adding this stuff anyway ... well, it's only a small effort to provide a special additional back door access.

                                                        -- Jerry

_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
