Re: Release: KNOPPIX5.1.1 for Trusted Computing Geeks (v1.0)

>>From: Andrew Sackville-West <andrew@farwestbilliards.com>
>>Subject: Re: Release: KNOPPIX5.1.1 for Trusted Computing Geeks (v1.0)
>>
>>On Tue, Feb 19, 2008 at 11:37:17AM +0900, Kuniyasu Suzaki wrote:
>>>
>>> >>From: Andrew Sackville-West <andrew@farwestbilliards.com>
>>>
>>> >>How does the system behave when the authentication server is down? How do you deal
>>> >>with a compromised authentication server?
>>>
>>> Client takes vulnerability check only. There is no action on the client.
>>
>>I presume that the client exchanges some information with the
>>server. What happens when that server is compromised and sends
>>compromised information?

The server checks the Platform Manifest and the RunTime Manifest.
The Platform Manifest includes the boot record and the RunTime Manifest
includes the log of executed applications on Linux-IMA.
If the manifests don't match, the server returns an error.
http://sourceforge.jp/projects/openpts/wiki/FrontPage/attach/20080129-KNOPPIX511TCG-OPTS-UsersGuide-v1_0-E.pdf
The database on the server is updated by DSA: Debian Security Advisory.
http://www.debian.org/security/
--
suzaki
>>A
>>
>>ps. thanks for continuing to answer these questions.
Received on Thu Feb 21 02:31:36 2008