Challenge to David Wagner on TCPA

AARG!Anonymous remailer at aarg.net
Tue Aug 6 18:20:02 EDT 2002


Lucky Green wrote:
> Ray wrote:
> > To make their denial credible, they could give the owner 
> > access to the private key of the TPM/SCP.  But somehow I 
> > don't think that jibes with their agenda.
>
> Probably not surprisingly to anybody on this list, with the exception of
> potentially Anonymous, according to the TCPA's own TPM Common Criteria
> Protection Profile, the TPM prevents the owner of a TPM from exporting
> the TPM's internal key. The ability of the TPM to keep the owner of a PC
> from reading the private key stored in the TPM has been evaluated to E3
> (augmented). For the evaluation certificate issued by NIST, see:
>
> http://niap.nist.gov/cc-scheme/PPentries/CCEVS-020016-VR-TPM.pdf

This has to be true for the basic security goal of remote trust, right?
The purpose is so that the user can credibly convince a remote system that
he is running a certain program.  Explain to me how he could do this if
he were able to reload the TPM key with one of his own, or get access
to the private key?  Wouldn't that let him forge arbitrary messages?
You might as well complain that Verisign doesn't share their private key
with everyone.  Either way you lose the trust properties of the system.

> > If I buy a lock I expect that by demonstrating ownership I 
> > can get a replacement key or have a locksmith legally open it.
>
> It appears the days when this was true are waning. At least in the PC
> platform domain.

We have had other systems which work like this for a long while.
Many consumer devices are sealed such that if you open them you void
the warranty.  This is to your advantage as a consumer; it means that you
can take the device in to get it fixed, and the intact seal proves that
you didn't mess with the insides and break it.  By your logic, consumers
ought to be able to bypass such seals since they own the device.  But if
this were true, don't you agree that it would make the seals useless?

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
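
The question in the message above (how a remote system could trust a report if the owner held the TPM's private key) can be worked through in code. This is an added example, not part of the original post and not TCPA code; the Quote and Module types, the "quote-v1|" payload format, the sample values and the use of Ed25519 in place of the TPM's real key type are all assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Quote is a simplified attestation statement (hypothetical format).
type Quote struct {
	Measurement [32]byte
	Nonce, Sig  []byte
}

// Module stands in for the TPM: it keeps the device key and measures what runs.
type Module struct {
	priv   ed25519.PrivateKey
	Loaded []byte // the program actually running
}

func payload(m [32]byte, nonce []byte) []byte {
	return append(append([]byte("quote-v1|"), m[:]...), nonce...)
}
// sign is what any holder of the private key can do: sign a chosen measurement.
func sign(priv ed25519.PrivateKey, m [32]byte, nonce []byte) Quote {
	return Quote{Measurement: m, Nonce: nonce, Sig: ed25519.Sign(priv, payload(m, nonce))}
}
// Attest measures the loaded program itself; the caller cannot pick the value.
func (t *Module) Attest(nonce []byte) Quote { return sign(t.priv, sha256.Sum256(t.Loaded), nonce) }
// Verify is the remote system's check against the certified device public key.
func Verify(pub ed25519.PublicKey, q Quote, nonce []byte, want [32]byte) bool {
	return bytes.Equal(q.Nonce, nonce) && q.Measurement == want &&
		ed25519.Verify(pub, payload(q.Measurement, q.Nonce), q.Sig)
}

// Demo returns the verifier's verdict in three cases (all inputs constructed).
func Demo() (honest, sealedModified, exportedModified bool) {
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{7}, 32)) // constructed seed
	pub, nonce := priv.Public().(ed25519.PublicKey), []byte("verifier-nonce-0001")
	want := sha256.Sum256([]byte("approved program"))
	honest = Verify(pub, (&Module{priv, []byte("approved program")}).Attest(nonce), nonce, want)
	// Key stays inside the module: the modified program is reported truthfully.
	sealedModified = Verify(pub, (&Module{priv, []byte("modified program")}).Attest(nonce), nonce, want)
	// Key available outside the module: the approved hash is signed regardless.
	exportedModified = Verify(pub, sign(priv, want, nonce), nonce, want)
	return
}
func main() { fmt.Println(Demo()) }
```

The first and third verdicts are both "accepted", so from the verifier's side the two cases are indistinguishable; only the sealed-key case gives a result that depends on what is actually running.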


