lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: Simon.Richter at hogyros.de (Simon Richter)
Subject: Trustworthy Computing Mini-Poll

Hi,

On Mon, Dec 16, 2002 at 04:12:51PM -0500, smcalearney@...osecuritymag.com wrote:
> Information Security would like to ask your opinion on Microsoft's
> Trustworthy Computing initiative. Please answer the following questions:

I have different questionnaire:

1. Do you think the TC initiative (as it currently is) is a good thing?

2. Would you buy TC enabled
    - CPUs?
    - CD/DVD readers?
    - Graphics/sound cards?

3. Would you be interested in a CPU that only allows code to execute in
    a lower ring if the code was signed by
    - the owner of the computer?
    - the owner of the computer, with the option to build a web of
      trust?
    - a set of companies, selected by the owner?
    - a set of companies, selected by a government agency?
    - a set of companies, selected by OS vendors?
    - an OS vendor?

4. Would you be interested in a solution that would allow your computer
to query for sensitive information (passwords, passphrases) securely,
for example by blinking a LED to indicate that you are in secure mode
and that the stuff you type is actually read only by a trusted
application (like the login program)?

This stuff has some interesting potential if you do it right. The
question I have to ask you is whether you think the risks involved are
too great for the gain achieved (so all of this should be dropped), or
whether you think it would make sense to e.g. form a lobby group and ask
for the "owner + web of trust" solution. It is technically doable and in
the line of liberalism, so I think it has a good chance of becoming law.
:-)

   Simon

-- 
GPG Fingerprint: 040E B5F7 84F1 4FBC CEAD  ADC6 18A0 CC8D 5706 A4B4
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20021218/1b7e5e87/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ