It may be useful to start off with the observation that Palladium will not be the answer for a platform that *the user* can trust. However, Palladium should raise awareness on the issue of what a user can trust, and what not. Since a controling element has to lie outside the controled system, the solution for a trustworthy system is indeed an independent module with processing capability -- but which module the user should be able to control..
This may be a good, timely opening for a solution in terms of a "write code" approach, where an open source trustworthy (as opposed to trusted) secure execution module TSEM (e.g., based on a JVM with permission and access management) could be developed and -- possibly -- burned on a chip set for a low cost system. The TSEM would require user-defined signatures to define what is trustworthy to *the user*, which would set a higher bar for security when compared with someone else defining what is trustworthy to the user. The TSEM could be made tamper-evident, too. Note: This would not be in competition with NCipher's SEE, because NCipher's product is for the high-end market and involves commercial warranties, but NCipher's SEE module is IMO a good example. Comments? Ed Gerck --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
