Re: Fwd: Challenge: Confinement
From: Christian Stüble
Subject: Re: Fwd: Challenge: Confinement
Date: Tue, 29 Aug 2006 10:11:48 +0200
User-agent: KMail/1.9.1
Hi,
sorry for the late response, but I have to do some work in parallel :-)
Therefore I may not be able to answer all questions. But I'll do my best.
> In the context of personal data protection:
> What kind of use do you have in mind?
Depends. Of course a "not so efficient" approach would be to prevent someone
from copying my email address but display it on the screen. You can prevent
someone from printing the address, but not from writing it down.
Nevertheless, it would make it harder for 'parties' to give my email to
someone else.
Maybe more interesting applications I have in mind are:
- Agents that store private information internally and use it only
internally as an argument of an internal function. Some kind of
object-oriented approach.
- More pragmatic: Store a signature key inside that signs emails before
sending them to you. You can define how often the signature can be used. Use
the signature to identify non-spam.
> How do you enforce once-only
> use?
If you have a TPM (at least v1.2), it should be possible to prevent replay
attacks. This functionality could also be used to enforce once-only use.
> Once you get the data, you can print them, or write them down.
> What kind of use guarantees no reuse?
If (i) nobody has access to an application's internal state and (ii) the
application decides not to print, it will not be printed. The first
assumption is, of course, very important to enforce my personal privacy
rules.
>
> If the administrator of the system cannot access the data how do you
> make backups?
The administrator may not be able to access the internal state of some
applications. Nevertheless, they may still be able to back up encrypted data. The
challenging question is how to back up information of type "replay attack
protected". :-) We are currently thinking about how to realize this in a
multilaterally secure way.
> I do not see how DRM can be of much help if you want to use a system
> that is controlled by a party that you do not trust.
It is controlled in such a way that the remote party can define any security
policy. Nevertheless, my "privacy-protecting agent" will only be executable
if the security policy fulfills some of my requirements (e.g., not to access
the state of my agent).
> Sure encryption
> can do something for you. DRM can do a little but not much. And you
> still have to trust the provider DRM which I do not consider much
> wiser than trusting the party controlling the system.
What do you mean by DRM? What is the provider DRM? I am only talking about
my privacy agent that is using TC-like technology to be able to negotiate
a policy acceptable to me and the platform owner.
Regards,
Chris
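The message above describes a use-limited signing key kept in state that the host cannot read or alter, and says TPM 1.2 replay protection is what would make "sign at most N times" enforceable. The following is an added example, not code from the original thread and not TPM code: it simulates the agent in plain Python so the reader can see exactly what goes wrong without replay protection and what the monotonic counter buys. HMAC stands in both for the e-mail signature and for the sealing primitive (real sealing would also encrypt the blob, and a real deployment would use an asymmetric key so the recipient only holds the public half); `MonotonicCounter`, `LimitedSigner` and `rollback_attack` are names invented here.

```python
"""Use-limited, replay-protected signing agent (constructed simulation).

The agent's state (signing key, remaining uses) lives only in a sealed blob
that the host stores but cannot read or forge. Binding the blob to a monotonic
counter lets the agent notice when the host hands back an older blob.
"""
import hashlib
import hmac
import json
import secrets


class ReplayDetected(Exception):
    """Sealed state is older than the monotonic counter says it should be."""


class QuotaExhausted(Exception):
    """The key has been used as often as its owner allowed."""


class MonotonicCounter:
    """Stand-in for a hardware monotonic counter: readable, only ever increments."""

    def __init__(self):
        self._value = 0

    def read(self):
        return self._value

    def increment(self):
        self._value += 1
        return self._value


class LimitedSigner:
    """Agent holding a use-limited signing key in sealed (opaque-to-host) state."""

    TAG_LEN = 32  # SHA-256 HMAC tag prepended to the sealed body

    def __init__(self, max_uses, counter, bind_counter=True):
        self._seal_key = secrets.token_bytes(32)  # never leaves the agent
        self._counter = counter
        self._bind = bind_counter
        state = {
            "key": secrets.token_bytes(32).hex(),  # the e-mail signing key
            "uses_left": max_uses,
            "counter": counter.read(),
        }
        self.initial_blob = self._seal(state)

    def _seal(self, state):
        # Integrity-only stand-in for sealing; real sealing also encrypts.
        body = json.dumps(state, sort_keys=True).encode()
        tag = hmac.new(self._seal_key, body, hashlib.sha256).digest()
        return tag + body

    def _unseal(self, blob):
        tag, body = blob[: self.TAG_LEN], blob[self.TAG_LEN :]
        expect = hmac.new(self._seal_key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expect):
            raise ValueError("sealed state was tampered with")
        return json.loads(body)

    def sign(self, blob, message):
        """Sign `message` using the state in `blob`; returns (signature, new blob)."""
        state = self._unseal(blob)
        # Rollback check: the blob must carry the counter value current right now.
        if self._bind and state["counter"] != self._counter.read():
            raise ReplayDetected("stale sealed state presented")
        if state["uses_left"] <= 0:
            raise QuotaExhausted("signature quota used up")
        key = bytes.fromhex(state["key"])
        signature = hmac.new(key, message, hashlib.sha256).hexdigest()
        state["uses_left"] -= 1
        if self._bind:
            # Advance the counter so every older blob is now recognisably stale.
            state["counter"] = self._counter.increment()
        return signature, self._seal(state)


def rollback_attack(bind_counter):
    """Host with a once-only key tries to obtain two signatures by restoring an
    old copy of the sealed blob. Returns how many signatures it got."""
    signer = LimitedSigner(max_uses=1, counter=MonotonicCounter(),
                           bind_counter=bind_counter)
    stale_copy = signer.initial_blob  # the administrator's "backup"
    obtained = 0
    _, current = signer.sign(stale_copy, b"mail 1")  # legitimate first use
    obtained += 1
    try:  # honest second use: refused either way
        signer.sign(current, b"mail 2")
        obtained += 1
    except QuotaExhausted:
        pass
    try:  # replay the backup, which still claims one use left
        signer.sign(stale_copy, b"mail 2")
        obtained += 1
    except (QuotaExhausted, ReplayDetected):
        pass
    return obtained
```

`rollback_attack(bind_counter=False)` yields two signatures from a once-only key, because the restored blob is perfectly valid and says one use remains; with `bind_counter=True` the same replay is rejected. This is also why the message calls backups of replay-protected state the hard part: to the agent, a restored backup is indistinguishable from this attack.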