From: Mike Helm 
Subject: Re: "Trusted Computing" BOF in GGF13, SEC Area 


TC-like service in existing CA's
ESnet/DOEGrids uses HSM's - Hardware Security Modules - expensive
  add-on hardware that secures the CA's signing key (and other things).
This hardware is mandatory for on-line CA use, and is useful in
all kinds of CA's.

TCPA might be very useful for certain kinds of trusted applicatinos
relating to CA's:
    Existing CA's -- helping to protect HSM software
    CA's issuing short term certificates:
       proxy cert management systems
       KX509 - type CA's
       Trusted OSCP responders
       Trusted "indirect" CRL signers
       Attribute authorities
       Kerberos KDC's
There should be a number of use cases we can derive from this.

In addition, our particular HSM vendor - nCipher - offers some features
beyond the traditional scope of TCPA:	
       a trusted computing environment
       remote operations and management

These blend into but are beyond what I think of as TCG scope;
maybe it is worth discussing generalizing this for possible
future grid use and TCG examination.

Finally: how can we CA operators help make TC useful for 
Grid users?  Signing certs, appropriate extensions/assertions,
automated services and registration - what can we do?

I said some of this, but not all.  

Does this help?
Thanks ==mwh