l4-hurd

Re: Separate trusted computing designs


From: Michal Suchanek
Subject: Re: Separate trusted computing designs
Date: Fri, 1 Sep 2006 13:37:25 +0200

On 9/1/06, Christian Stüble <address@hidden> wrote:
On Friday, 1 September 2006 00:49, you wrote:
> At Thu, 31 Aug 2006 18:37:40 +0200,
>
> Christian Stüble <address@hidden> wrote:
> > On Thursday, 31 August 2006 16:31, Marcus Brinkmann wrote:

> > > In the "hosted server as virtual machine" example, I don't think it
> > > makes much sense.  If your operations are so critical that you require
> > > a high demand of privacy, you will inevitably consider any
> > > implementation running on a virtual machine on a colocation a grave
> > > risk.  Thus, you will better spend the money on a real machine, which
> > > is owned exclusively by you, and you will probably host it in your own
> > > data center.  This is more expensive, but we are talking about very
> > > sensitive data, so you will probably do the calculation on a
> > > worst-case-scenario, and decide that it is too risky to colocate it
> > > even on XenTC++ running on Coyotos 2010 complete with mathematical
> > > correctness proof.  Try to convince your upper management that this is
> > > a safer choice than running the darn thing yourself!
> >
> > Sorry I am a little confused. Are you talking about the Privacy Agent use
> > case, or another one?
>
> I think I am talking about the privacy agent use case.
But then the problem is different. Let's say your privacy agent calculates
a result y := f( p, s ) on your secret input p and the service provider's
secret input s. If both parties do not trust each other, they need a TTP
to calculate the result. This is expensive and inefficient. Alternatively,
they can use a TTP within their system, with all the consequences discussed
above.

Using a dedicated machine does not solve the problem. The question remains
who should control that machine, and whether it has installed an appropriate
OS.

Yes, this is a very clearly stated theoretical problem that can be
solved by TPM. The question asked was what practical problems can be
solved by TPM cleanly. Or what is a useful practical application of
solving such a theoretical problem, and how it improves over non-TPM
solutions.

Thanks

Michal
