USENIX Security TCPA/Palladium Panel Wednesday

Peter N. Biddle peternbiddle at hotmail.com
Tue Aug 6 23:42:12 EDT 2002 

I consider it a Bad Thing that we don't have more clearly organized
technical documentaion to show right now, and I can only say that we are
working on providing this post haste. I certainly am not happy to be
pointing you to blogs as primary sources. I apologize for this, and I will
send stuff out to this alias when we have it.

Peter
++++


> - analysis is greatly hampered by the lack of definitive, concise,
> clearly organized technical documentation.  Some of the main
> informative documents even microsoft is pointing at are like personal
> blog entries and copies of personal email exchanges.

----- Original Message -----
From: "Adam Back" <adam at cypherspace.org>
To: "AARG!Anonymous" <remailer at aarg.net>
Cc: <shamrock at cypherpunks.to>; <cypherpunks at lne.com>;
<cryptography at wasabisystems.com>
Sent: Tuesday, August 06, 2002 4:57 PM
Subject: Re: USENIX Security TCPA/Palladium Panel Wednesday


> Anonymous: clearly Lucky and Ross have been talking about two aspects
> of the TCPA and Palladium platforms:
>
> 1) the implications of platform APIs planned for first phase
> implementation based on the new platform hardware support;
>
> 2) the implications of the fact that the owner of the machine is
> locked out from the new ring-0;
>
> For 2) one obviously has to go beyond discussing the implications of
> the APIs discussed in the documents, so the discussion has included
> other APIs that could be built securely with their security rooted in
> the new third-party controlled ring-0.
>
> In my initial two messages looking at implications I did try to
> clearly distinguish between documented planned APIs and new APIs that
> become possible to build with third-party controlled ring-0s.
>
> Other areas where analysis is naturally deviating from the aspects
> covered by the available documentation (such as it is) are:
>
> - discussion of likelihood that a given potential API will be built
>
> - looking at history of involved parties:
>
>   - Intel: pentium serial number
>   - Microsoft: litany of anti-competetive and unethical business
>     practices,
>   - governments: history of trying to push key-escrow, censorship,
>     thought-crime and technologies and laws attempting to enforce
>     these infringements of personal freedom
>   - RIAA/MPAA: history of lobbying for legislation such as DMCA,
>     eroding consumer rights
>   - industry/government collaboration: Key Recovery Alliance
>     (www.kra.org), which shows an interesting intersection of
>     big-companies who are currently and historically were signed on to
>     assist the government in deploying key-escrow
>
> - suspicion that the TCPA/Microsoft are putting their own spin and
> practicing standard PR techniques: like selective disclosure,
> misleading statements, disclaiming planned applications and hence not
> taking everything at face value.  TCPA/Microsoft have economic
> pressures to spin TCPA/Palladium positively.
>
> - analysis is greatly hampered by the lack of definitive, concise,
> clearly organized technical documentation.  Some of the main
> informative documents even microsoft is pointing at are like personal
> blog entries and copies of personal email exchanges.
>
> a number of your responses have been of the form "hey that's not a
> fair argument, what section number in the TCPA/Palladium documents
> gives the specification for that API".
>
> I suspect some arguing about the dangers of TCPA/palladium feel no
> particular obligation to point out this distinction the fact that an
> API is not planned in phase 1, or not publicly announced yet offers
> absolutely no safe-guard against it's later deployment.
>
> Adam
>
> On Tue, Aug 06, 2002 at 03:15:17PM -0700, AARG!Anonymous wrote:
> > Lucky Green writes:
> > > The slides of the talk on TCPA that I gave over the weekend at DEFCON
> > > are now available at http://www.cypherpunks.to
> >
> > Amazing claims you are making there.  Claiming that the TPM will be
> > included on "all future motherboards"; claiming that an objective is
> > to meet the operational needs of law enforcement and intelligence;
> > claiming that TCPA members (all 170 of them?) have more access to his
> > computer than the owner; fantasizing about an "approved hardware list"
> > and "serial number revocation list" which don't exist in the spec(!);
> > further fantasies about a "list of undesirable applications" (where do
> > you get this stuff!).
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to
majordomo at wasabisystems.com
>

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the cryptography mailing list