[messaging] Encrypted Pulic Contact Discovery

Mike Hearn mike at plan99.net
Wed Aug 26 05:14:06 PDT 2015


Yeah, TPM / TXT based RA has always been a half-baked joke. I am not
surprised Intel ran out of patience with the wider ecosystem and just
decided to do it all themselves. SGX looks a lot easier to program and much
more likely to actually work than prior attempts. The fact that it solves
memory bus attacks and is fully on-die is the icing on the cake.

Interestingly, SGX chips identify themselves using a group signature
scheme. Thus they can prove they are issued by Intel without providing any
kind of unique identifier. It's called EPID:

http://csrc.nist.gov/groups/ST/PEC2011/presentations2011/brickell.pdf

So in theory you won't need any special hardware to verify an RA, just to
generate one.

I am guessing the earliest that ordinary Joe's like me will get to play
with SGX is next year at best. Right now it seems to be in some sort of
private testing period.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20150826/f6562066/attachment.html>


More information about the Messaging mailing list