[Olpc-open] [possible improvement]built-in identity module
Ivan Krstić
krstic at solarsail.hcs.harvard.edu
Wed Feb 7 13:21:21 EST 2007

Bipin Gautam wrote:
> some sort of unique identification mechanism should be in ROM chip that
> can be verified from network

Such a mechanism is there already, to some degree. See the Bitfrost
security specification[0], specifically section 8.21 on P_SERVER_AUTH.

Of course, we don't have a TPM chip. We're not doing any kind of remote
attestation. This is by design, and P_SERVER_AUTH is a purely
cooperative mechanism -- it works if the user's machine wishes to
identify itself, which it does only with trusted servers, for some value
of 'trusted'.

I'm setting Reply-To for this to the security list, as the discussion
belongs there.

[0] http://wiki.laptop.org/go/Bitfrost

--
Ivan Krstić <krstic at solarsail.hcs.harvard.edu> | GPG: 0x147C722D