On 2012-08-21 05:42, Julien Pierre wrote:
> Anders,
>
> On 8/14/2012 20:40, Anders Rundgren wrote:
>> http://communities.intel.com/community/vproexpert/blog/2012/05/18/intel-ipt-with-embedded-pki-and-protected-transaction-display
>>
>> Apparently your next PC already has it.
> Some PCs based on Intel chips may have it. A few of us out there do not
> use Intel chips.

I guess Intel is still "testing the waters" which I think is a good alternative to politically, commercially and technically awkward standardization efforts that seem to take forever and in the end often are circumvented by other developments in the market. Been there, done that :-)

> Unless an enterprise is planning to replace all of their PCs, the value
> proposition doesn't seem that great vs using standalone smartcard/HSM.

It is not about replacing smart cards because smart cards have already failed in the enterprise: Smart cards cannot be bought, initialized and provisioned in a way that works for anybody but government agencies with very deep pockets and plenty of time to spend on "security projects".

It is rather a replacement for passwords. Embedded credentials are the thing that will at last/finally make client-side PKI a mainstream authentication solution.

> I wonder how they do key backup and recovery also if the CPU is
> destroyed/lost.

I doubt that key backup is a part of the plot because that IMO creates more problems than it solves. Remote key/device "neutering" is more important in the long run.

>
> Details seem pretty sketchy.

Indeed they are.

Anders

>
>>
>> What's missing is a provisioning facility for unleashing the power of this
>> scheme so that it isn't limited to one OS, one CA (?), and Enterprises.
>>
>> Anders
>>
>

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto