Re: Release: KNOPPIX5.1.1 for Trusted Compuintg Geeks (v1.0)
On Tue, Feb 12, 2008 at 10:52:47AM +0900, Kuniyasu Suzaki wrote:
>
> >>From: Tzafrir Cohen <tzafrir@cohens.org.il>
> >>Subject: Re: Release: KNOPPIX5.1.1 for Trusted Compuintg Geeks (v1.0)
> >>
> >>On Mon, Feb 11, 2008 at 07:31:11AM -0800, Andrew Sackville-West wrote:
> >>> On Mon, Feb 11, 2008 at 11:32:51AM +0000, steef wrote:
> >>> > Kuniyasu Suzaki wrote:
> >>> >> Dear,
> >>> >>
> >>> >> We released KNOPPIX5.1.1 for Trusted Computing Geeks (v1.0).
> >>> >> http://unit.aist.go.jp/itri/knoppix/index-en.html
> >>> >> It includes trusted computing software based on TPM(Trusted Platform
> >>> >> Module). Debian packages on KNOPPIX is validated by Remote Attestation.
> >>> -------------------------------------------------------^^^^^^^^^^^^^^^^^^^
> >>>
> >>> sounds an awful lot like Remote Exploit to me.
> >>
> >>That's indeed remotely similar.
>
> Our remote attestation is a kind of CHECKER of two type of database
> for trustworthy. The database of DSA (Debian Security Advisory)
> validates the packages of knoppix. The database of platform integrity
> was created by our samples, which is listed at
> http://sourceforge.jp/projects/openpts/wiki/PlatformInfo
> The database validates the boot procedure, which is based on "Trusted
> Computing".
Sorry, I just don't get it.
Given that the platform includes gcc, perl and python (and wget), what
practical use is there in in the guarantees you can achive?
What happens if I just innstall something from source?
Recall that for the Xbox it only took one buggy game to allow installing
an arbitrary software (e.g.: Linux) by the user.
--
Tzafrir Cohen | tzafrir@jabber.org | VIM is
http://tzafrir.org.il | | a Mutt's
tzafrir@cohens.org.il | | best
ICQ# 16849754 | | friend
Reply to: