Principal: Computers
The Webís Trusted Computing Base?
- Client PCs have many points of failure
- Even https: relies on routing and domain naming
Entrusting Devices as Devices
- To execute cryptographic operations correctly
- To modify internal state or trigger peripherals
- Checksums, clock freshness, channel security, etc can only prove a consistent address
- Example: Cellphone cloning fraud conflates device authentication (ser #) with user authorization (bill)