[nzlug] Where to start... where to start...
Matthew Poole
matt at p00le.net
Tue Feb 12 10:11:25 NZDT 2008
On Tue, 12 Feb 2008, Robin Sheat wrote:
> My issue with the TPM things is that I think the default is that the
> owner of the machine doesn't get the keys. If they did, I wouldn't have
> a problem with it.

My understanding is that the module works on the same lines as the CA
model used for SSL certs. There's a master "cert" (for want of the correct
term, which I don't remember) on the TPM that is signed by the mfr of the
system, in the same way that Verisign and the other usual suspects sign a
root CA and don't tell everyone the key. Other keys can then be generated
against the TPM, by the user, for their own purposes.

My concern is that there's no way to update the hashing algorithm in
shipped modules, and thus far it's been SHA1 which is now considered
insecure.
--
Matthew Poole
"Don't use force. Get a bigger hammer."