[ISN] REVIEW: "Trusted Computing Platforms", Siani Pearson

From: InfoSec News (isnat_private)
Date: Mon Dec 30 2002 - 00:23:11 PST


    Forwarded from: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rsladeat_private>
    BKTRCMPL.RVW   20020916
    "Trusted Computing Platforms", Siani Pearson, 2003, 0-13-009220-7,
    %E   Siani Pearson
    %C   One Lake St., Upper Saddle River, NJ   07458
    %D   2003
    %G   0-13-009220-7
    %I   Prentice Hall
    %O   U$49.99/C$77.99 +1-201-236-7139 fax: +1-201-236-7131
    %O  http://www.amazon.com/exec/obidos/ASIN/0130092207/robsladesinterne
    %P   322 p.
    %T   "Trusted Computing Platforms: TCPA Technology in Context"

    Part one introduces trusted platform technology, as a kind of public
    key infrastructure implemented in hardware.  (Which begs the question:
    what do you do about key revocation?)  Chapter one, an overview of the
    trusted computing platform concept, is not very clear on basic ideas
    beyond hardware implementation involvement and the notion of
    measurement, or assurance.  There are usage scenarios of applications
    that can be done, or done better, with trusted platforms, in chapter
    two.  Not all of these cases are convincing evidence that trusted
    platforms are better.  The cryptographic underpinnings of trusted
    platforms are examined in chapter three, but it would be clearer if
    the basics of asymmetric cryptography were covered and standard
    cryptographic and certificate authority terms were used.

    Part two concerns trust mechanisms in a trusted platform, but is
    basically a list of commands.  Chapter four deals with access control,
    to do with physical presence requirements, ownership, and
    authorization.  Platform identification and endorsement is covered in
    chapter five.  Chapter six discusses integrity recording, reporting,
    and secure boot.  Protected storage of keys is in chapter seven,
    migration and maintenance methods in chapter eight, and other assorted
    functions in chapter nine.

    Part three reviews trusted platforms in practice and operation.
    Chapter ten describes the setup of a new trusted platform, chapter
    eleven deals with what would elsewhere be known as trust
    relationships, and challenging a trusted platform--authentication of a
    server--is in chapter twelve.

    Part four presents the benefits of trusted platforms, first to
    organizations and corporations, in chapter thirteen, and then to
    individuals and users, in chapter fourteen.

    This book is not clear, either about what TCPA (Trusted Computing
    Platform Alliance) technology is, or how it can effectively be used.
    Although the authors occasionally admit that there may be problems
    with the system, there seems to be a kind of background arrogance in
    operation, that assumes everyone will have to use this technology, so
    they might as well learn the commands.

    copyright Robert M. Slade, 2002   BKTRCMPL.RVW   20020916
    Find book info victoria.tc.ca/techrev/ or sun.soci.niu.edu/~rslade/
