Closed kgal closed 8 years ago
jeffblank
commented
8 years ago Given the nascent effort for a Discrete Storage Component, maybe this should be handled there, i.e. in the future? Also please avoid terms like "high trust" -- people will start getting all EAL-ish about it, and we all know that's nonsense. Let's talk tomorrow...
ajcousi
commented
8 years ago I wouldn't call an OS that didn't provide PIN unlock neglegent though - this sounds like a nice to have but not a mandatory security enforcing function.
kgal
commented
8 years ago This requirement is for systems like Microsoft Passport (hence the bourdett assignment) and we're obviously not making this a requirement. It's some sort of selection or optional requirement.
kgal
commented
8 years ago Added joe's stuff.
Systems that store keys in mechanisms of high trust, should be able to unlock the keys and the larger system with a simple pin. Requirements (and selections) like key wrapping , need to be added to facilitate this.