[Chaos CD]
[Datenschleuder] [64]    Intel plans for world domination
[Gescannte Version] [ -- ] [ ++ ] [Suchen]  

 

Intel plans for world domination

Good afternoon gentlemen,

I've been reading the correspondence on the possibility of govt keystroke access with some interest. I'm in a slightly odd position as I'm responsible for security in one of the larger wintel companies. As such I've been getting quite a feeling of deja vu reading your mails. Intel and others are moving in exactly this direction with a number of initiatives, most notably the PC98, PCXX, and "Wired For Management". WfM in particular is very scary - one of the components is a facility for PC's to download and run digitally signed software before the OS is booted - between "the end of BIOS initialisation and when control is transferred to a high-level OS" in the words of one Intel document. The code is verified by routines embedded in the BIOS and will allegedly use some subset of X.509v3 and PKCS#1.

As so often happens in circumstances like this I can't risk passing documents directly as I can't be sure of their provenance - I really have no idea which ones are now considered trade secrets and which have been made public. Instead I recommend you have a look at the Intel WfM site http://www.intel.com/ial/wfm/ with particular reference to the "Pre-Boot Execution Environment" (PXE) and "System Management BIOS" SMBIOS). The Microsoft pc98 site is at http://www.microsoft.com/hwdev/pc98.htm and the Intel one at http://developer.intel.com/design/pc98/

And, DM reminds of the DIRT program Ray Arachelian first posted here: There's an article on page 37 of the July 6, 1998 issue of NetworkWorld about a new software product for Windows machines that is basically a trojan horse that allows access to all keystrokes and files on a system from a remote "America's Most Wanted"-type HQ. I can't find the article online at , but you can go the the company's site at to see it. Sale of DIRT is "restricted to military, government, and law enforcement agencies", the article says.

KRAP is at it in the IETF

It has come to my attention that the KRAP (key recovery alliance program) has submitted an I-D (internet draft) to the IETF for adding GAK (government access to keys) to the IPSEC protocols: ftp://ftp.ietf.org/internet-drafts/draft-rfced-exp-markham-00.txt

ISAKMP Key Recovery Extensions 

7. AUTHOR INFORMATION
   Tom Markham
   Secure Computing Corp
   2675 Long Lake Road
   Roseville, MN 55113   USA
   Phone: 651.628.2754,    Fax:   651.628.2701
   EMail: tom_markham@securecomputing.com

I consider this a perversion of the standards process of the IETF to advance a political agenda which must be stopped at all cost.

Below are the e-mail addresses of some people that you should write (politely) expressing your objections to any such additions to the protocols:

IPSEC Chairs:

Theodore Ts'o

Robert Moskowitz

Security Area Directors:

Jeffrey Schiller Marcus Leech

As I mentioned before, be polite. These people are not the ones proposing GAK be added to the IPSEC protocols. They have put a lot of time and effort in forwarding the cause for strong encryption. They should be made aware of the communities objections to these attempts by KRAP.

"William H. Geiger III"

 

  [Chaos CD]
[Datenschleuder] [64]    Intel plans for world domination
[Gescannte Version] [ -- ] [ ++ ] [Suchen]