Oliver Neukum <oneukum@xxxxxxxx> writes: > I think we would need to use a form of public key cryptography > in the same manner used to verify authorship of emails. The host > would provide a nonce value that the device encrypts and returns. > The host would verify the signature. We could initially provision the devices with a unique key and provide the public half on a piece of paper. You'd have to get that into the kernel before the system needed any entropy though, and that seems hard. -- -keith
Attachment:
signature.asc
Description: PGP signature
