From: Ben Byer <root@bushing.plastic.crosslink.net>
Date: Thu, 19 Dec 1996 18:14:54 -0800 (PST)
To: ph@netcom.com (Peter Hendrickson)
Subject: Re: Executing Encrypted Code
In-Reply-To: <v02140b00aedf4a134af2@[192.0.2.1]>
Message-ID: <199612200218.VAA00383@bushing.plastic.crosslink.net>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

> 
> At the last meeting references were made to processors which only
> execute encrypted code.  Decryption occurs on chip.
> 
> If each chip has a unique public/secret key pair, and executes
> authenticated code only, there are some interesting implications.

Let's see... What about this scenario:

Alice gets a contraband copy of PGP 4.0 off the Internet.  Since the
public-key algorithm is publicized so that people can encrypt software
to a chip, PGP 4.0 has the ability to encode/decode/generate keys for
the chip.  Alice generates a public key/private key pair 0x12345678,
in software.  Alice goes to www.microsoft.com and orders Office '99
online, and tells Microsoft "Hi, my name is Alice, my credit card
number is 31426436136778 and my PGPentium's public key is 0x12345678."

Microsoft unwittingly sends Alice a copy encrypted to 0x12345678, for
which she has the private key to.  Alice decrypts Office '99, and
reencrypts it with public key of her PGPentium, as well as the keys f
all her friends.

Does the authentication defeat this?  Our computers would only run
software from Microsoft?  Scary.

- -- 
Ben Byer    root@bushing.plastic.crosslink.net    I am not a bushing

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMrn3V7D5/Q37XXHFAQFuVAMAg90hbta98fduPUdvneYYbfZe4v+9fsmc
rSyYYStamC/mX8Mr2BRJVtNlOoWLkALhfPcnF0tKL5cVBTgufVlZRyJBc5KypkeZ
q/hyIupaA4aETwALBlEdZ+3k1eOKiE6L
=nGsN
-----END PGP SIGNATURE-----