Challenge to TCPA/Palladium detractors

bear bear at sonic.net
Sun Aug 11 22:58:17 EDT 2002



On Thu, 8 Aug 2002, AARG!Anonymous wrote:

>It's likely that only a limited number of compiler configurations would
>be in common use, and signatures on the executables produced by each of
>those could be provided.  Then all the app writer has to do is to tell
>people, get compiler version so-and-so and compile with that, and your
>object will match the hash my app looks for.

I don't like the idea of a "trusted compiler".  No matter who makes
it.  People should choose compilers based on the compiler's merits
and make optimization and configuration decisions when compiling
based on their particular hardware, not in order to match some other
machine's or other user's ideal of trustable code.  The minute a
compiler becomes a "standard", for any reason, it becomes a target
for people to subvert.

People who are likely to be a source of malicious clients will also
hack hardware if the data is sufficiently valuable to warrant it.
We have already seen how a relatively simple and inexpensive hardware
hack can be used to defeat palladium security, so while it may provide
suitable infrastructure if the attacker's motivation is just the price
of a movie ticket, it is not at all trustable as a structure if the
value of the data being "protected" rises above prices that justify
hardware hacking. Moreover, the same simple hardware hack defeats
every piece of palladium-protected content or software, so the cost
of hardware hacking can be amortized over many "breaks".

I think you are trying to solve in hardware, problems which are
properly protocol-design problems.  This looks like the easy way
out because protocol design is hard, but the fact is that if there
is data you really want to protect which is more valuable than movie
tickets, what you want is a protocol that ensures no one using the
data ever has sufficient information to reconstruct more of it
than their particular licit use of it requires.

				Bear


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com



More information about the cryptography mailing list