echo: nthelp
to: John Beckett
from: Rich
date: 2005-10-06 22:27:48
subject: Re: VPNs

   Your reply falls apart immediately after "as you well know".  In fact
you have it exactly backwards.

   With a secure boot process you can ensure you are free from boot
viruses, boot time trojans like the one that I think was eEye that made a
show of recently, or other forms of tampering.  What you approve is up to
you and if you use it can provide you with a degree of trust not
available without secure boot.

   Many of george's opinions on DRM are silly and arise out of his
position that he is entitled to any content produced by others and that
he produces nothing himself.  Given george's position of course he will
balk at anything that makes it harder for him to steal the works of
others.  If he had something he wanted to protect I suspect he would balk
at anyone that subverts this and uses it in ways he did not intend.

   In regard to quarantine, you can make your scripts perform updates if
you wish.  That aside, the simpler model is to perform validation only
and give a thumbs up or thumbs down.  If the script gives a thumbs down
the client is not allowed out of quarantine.  You are correct that
because the client side script determines if the client is trustworthy
you can't trust the response.  It just raises the bar.  DRM is still
irrelevant.  Even secure boot doesn't help as each and every client may
be different.

Rich


  "John Beckett" wrote in message
  news:phrbk1lko8jqn9rr7rarick9skr6gb3e50{at}4ax.com...
  "Rich"  wrote in message news::
  >    First, DRM is irrelevant here and unless you are trying to spread
  > FUD I don't see why you would mention it.

  As you well know, trusted computing means using hardware, firmware and OS
  that are designed so that only approved software can be run. I was just
  pointing out to Geo that one side of that coin is DRM, and the other is
  having company laptops that you can be really confident don't have root
  kits installed.

  Thanks for the links that I will study some other time because I haven't
  read about the quarantine service for quite a while. However, my
  recollection is that an admin just gets to run scripts that (you hope)
  will upgrade connecting systems to current patch level, *before* the
  client can access the normal company network - like 802.1X with
  'attitude'.

  I don't think there is any way to avoid connecting machines that may have
  root kits to the company network, other than requiring the systems to be
  DRM capable.

  John

 * Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)

SOURCE: echomail via fidonet.ozzmosis.com
