[2537] in cryptography@c2.net mail archive
Re: CDSA signatures
daemon@ATHENA.MIT.EDU (Rodney Thayer)
Tue Apr 21 14:17:40 1998
Date: Fri, 17 Apr 1998 20:15:58 -0400
To: cryptography@c2.net
From: Rodney Thayer <rodney@sabletech.com>
I believe they are doing it to gain export status, not for copy protection.
Same reason they want to control the identifiers returned by the components.
>X-Authentication-Warning: blacklodge.c2.net: majordom set sender to
owner-cryptography@c2.org using -f
>From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
>To: cryptography@c2.net, ptrei@securitydynamics.com
>Subject: Re: NYT Article on Groat Spy Case
>Reply-To: pgut001@cs.auckland.ac.nz
>X-Charge-To: pgut001
>X-Authenticated: relaymail v0.9 on cs26.cs.auckland.ac.nz
>Date: Wed, 15 Apr 1998 09:42:59 (NZST)
>Sender: owner-cryptography@c2.net
>
>>One semi-defense against trojan attacks on crypto systems can be seen in
CDSA
>>- Intel's Common Data Security Architecture.
>>
>>[...]
>>
>>The trick is that all the modules are signed, and the CSSM checks the
>>integrity of each module loaded, and the modules check the integrity of the
>>CSSM. The system won't work unless all the signatures check out and the root
>>signing authorities for the module certificates are acceptable to the CSSM.
>>The capabilities manifest of each module is also checked - an 'espionage
>>enabled' exportable CSSM won't link a strong crypto provider, for example.
>
>I've always been rather dubious of the CDSA's protection mechanisms - it
looks
>like Intel is trying to re-fight the war over copy protection which was lost
>about a decade ago. The issues are very similar, the only thing which has
>changed is the technology - you have a software protection system which,
>because of its very nature (it's sensitive to minute system changes) can
cause
>more problems than it solves, and the crackers can bypass it anyway so it
only
>ends up inconveniencing legitimate users. Or to quote Jerry Pournelle:
"It was
>protected by an 'unbreakable' system, which meant that it took the crackers a
>full day to break it".
>
>Peter.
>
>
>
>
-- Rodney Thayer <rodney@sabletech.com>
