From owner-freebsd-advocacy@FreeBSD.ORG Tue Oct 28 22:16:19 2003
Return-Path: 
Delivered-To: freebsd-advocacy@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2719C16A4CE for ; Tue, 28 Oct 2003 22:16:19 -0800 (PST)
Received: from firecrest.mail.pas.earthlink.net (firecrest.mail.pas.earthlink.net [207.217.121.247]) by mx1.FreeBSD.org (Postfix) with ESMTP id 641F843F75 for ; Tue, 28 Oct 2003 22:16:18 -0800 (PST) (envelope-from tlambert2@mindspring.com)
Received: from user-38ldvac.dialup.mindspring.com ([209.86.253.76] helo=mindspring.com) by firecrest.mail.pas.earthlink.net with asmtp (SSLv3:RC4-MD5:128) (Exim 3.33 #1) id 1AEjcG-0002SM-00; Tue, 28 Oct 2003 22:15:36 -0800
Message-ID: <3F9F5ADB.AE6E245A@mindspring.com>
Date: Tue, 28 Oct 2003 22:14:51 -0800
From: Terry Lambert
X-Mailer: Mozilla 4.79 [en] (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Timo Sirainen
References: <1067367085.15026.38.camel@hurina> <1067372446.15029.97.camel@hurina>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-ELNK-Trace: b1a02af9316fbb217a47c185c03b154d40683398e744b8a42088f1393a4e6ba7e571e084503de266350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c
cc: freebsd-advocacy@freebsd.org
Subject: Re: Friendly and Secure Desktop Operating System
X-BeenThere: freebsd-advocacy@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: FreeBSD Evangelism
List-Unsubscribe: ,
List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: ,
X-List-Received-Date: Wed, 29 Oct 2003 06:16:19 -0000

Timo Sirainen wrote:
> That is the potentially difficult part to get secure while still being
> user friendly.

Actually, the potentially difficult part is booting. In order to boot, you have to have an initial delegation of all authority to something that is allowed to redelegate it to other parts of the system, applications, etc.
It also has to be the intermediary to delegating the authority to the user who you are trusting to tell you whether or not you are allowed to delegate authority to arbitrary programs. Short of building a serial number into each processor, and making it an unprivileged, untrappable machine instruction to obtain the serial number from the processor and then use it to be able to cryptographically implement (without having to actually trust the kernel you are running on) authentication, authorization, and non-repudiation (this last one is the stumbling block for privacy advocates and the love-child of the RIAA and MPAA), there's really no way to accomplish any of this reliably.

-- Terry
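The chain of delegation Terry describes, a hardware-held secret that anchors authority which is then re-delegated stage by stage to the loader, the kernel and on to applications, can be modelled as a signed chain where each stage's public key is signed by its predecessor. The following Go program is an added illustration written for this archive page, not code from the thread or from FreeBSD; it assumes a device-unique secret readable only by the processor (here a constructed constant) and uses Ed25519 from the standard library in place of whatever mechanism a real processor would expose.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Stage is one link in the boot chain: the stage name, the public key
// that stage may use to sign the *next* stage, and the signature the
// previous stage's key placed over ("delegate:" || name || ":" || pubkey).
type Stage struct {
	Name   string
	PubKey ed25519.PublicKey
	Sig    []byte
}

// delegation is the exact byte string a stage signs when it hands
// authority on. Binding the name in prevents a signed key for "init"
// being replayed as the key for "kernel".
func delegation(name string, pub ed25519.PublicKey) []byte {
	return append([]byte("delegate:"+name+":"), pub...)
}

// rootKeyFromSerial derives the hardware root key from the device-unique
// secret. Assumption for this example: only the processor can read the
// serial, so only the device can produce this private key.
func rootKeyFromSerial(serial []byte) ed25519.PrivateKey {
	seed := sha256.Sum256(serial)
	return ed25519.NewKeyFromSeed(seed[:])
}

// BuildChain generates a fresh key for every stage in order and has each
// stage's key signed by the previous stage (the root signs the first).
// It returns the public chain and the per-stage private keys.
func BuildChain(root ed25519.PrivateKey, names []string) ([]Stage, []ed25519.PrivateKey) {
	signer := root
	var chain []Stage
	var privs []ed25519.PrivateKey
	for _, n := range names {
		pub, priv, err := ed25519.GenerateKey(nil)
		if err != nil {
			panic(err) // crypto/rand failure: nothing sensible to do in a boot chain
		}
		chain = append(chain, Stage{Name: n, PubKey: pub, Sig: ed25519.Sign(signer, delegation(n, pub))})
		privs = append(privs, priv)
		signer = priv
	}
	return chain, privs
}

// VerifyChain walks the chain from the hardware root public key and
// rejects any stage whose delegation was not signed by its predecessor.
// Nothing in the chain is trusted before the link leading to it checks out.
func VerifyChain(rootPub ed25519.PublicKey, chain []Stage) error {
	verifier := rootPub
	for i, s := range chain {
		if !ed25519.Verify(verifier, delegation(s.Name, s.PubKey), s.Sig) {
			return fmt.Errorf("stage %d (%s): delegation not signed by predecessor", i, s.Name)
		}
		verifier = s.PubKey
	}
	return nil
}

func main() {
	// Constructed device secret standing in for a processor serial number.
	root := rootKeyFromSerial([]byte("constructed-serial-0001"))
	rootPub := root.Public().(ed25519.PublicKey)

	chain, _ := BuildChain(root, []string{"loader", "kernel", "init"})
	fmt.Println("intact chain:", VerifyChain(rootPub, chain))

	// A kernel stage that was not delegated to by the loader fails.
	tampered := append([]Stage(nil), chain...)
	tampered[1].Name = "replacement-kernel"
	fmt.Println("tampered chain:", VerifyChain(rootPub, tampered))
}
```

The point the model makes is the one in the message: every later authority traces back, by signature, to the one secret the hardware holds, and the kernel's own trustworthiness is established by that chain rather than assumed. What the toy does not cover is non-repudiation toward a third party, which would require the hardware key to be certified by someone outside the device.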