|
Intel plans for world dominationGood afternoon gentlemen, I've been reading the correspondence on the possibility of govt keystroke access with some interest. I'm in a slightly odd position as I'm responsible for security in one of the larger wintel companies. As such I've been getting quite a feeling of deja vu reading your mails. Intel and others are moving in exactly this direction with a number of initiatives, most notably the PC98, PCXX, and "Wired For Management". WfM in particular is very scary - one of the components is a facility for PC's to download and run digitally signed software before the OS is booted - between "the end of BIOS initialisation and when control is transferred to a high-level OS" in the words of one Intel document. The code is verified by routines embedded in the BIOS and will allegedly use some subset of X.509v3 and PKCS#1. As so often happens in circumstances like this I can't risk passing documents directly as I can't be sure of their provenance - I really have no idea which ones are now considered trade secrets and which have been made public. Instead I recommend you have a look at the Intel WfM site http://www.intel.com/ial/wfm/ with particular reference to the "Pre-Boot Execution Environment" (PXE) and "System Management BIOS" SMBIOS). The Microsoft pc98 site is at http://www.microsoft.com/hwdev/pc98.htm and the Intel one at http://developer.intel.com/design/pc98/
And, DM reminds of the DIRT program Ray Arachelian first posted here: There's an article on page 37 of the July 6, 1998 issue of NetworkWorld about a new software product for Windows machines that is basically a trojan horse that allows access to all keystrokes and files on a system from a remote "America's Most Wanted"-type HQ. I can't find the article online at
KRAP is at it in the IETF
It has come to my attention that the KRAP (key recovery alliance program) has submitted an I-D (internet draft) to the IETF for adding GAK (government access to keys) to the IPSEC protocols:
ftp://ftp.ietf.org/internet-drafts/draft-rfced-exp-markham-00.txt
ISAKMP Key Recovery Extensions
I consider this a perversion of the standards process of the IETF to advance a political agenda which must be stopped at all cost.
Below are the e-mail addresses of some people that you should write (politely) expressing your objections to any such additions to the protocols:
IPSEC Chairs:
Theodore Ts'o
Robert Moskowitz
Security Area Directors:
Jeffrey Schiller
As I mentioned before, be polite. These people are not the ones proposing GAK be added to the IPSEC protocols. They have put a lot of time and effort in forwarding the cause for strong encryption. They should be made aware of the communities objections to these attempts by KRAP.
"William H. Geiger III"
|
[Datenschleuder]
[64]
Intel plans for world domination