trade-offs of secure programming with Palladium (Re: Palladium: technical limits and implications)

Russell Nelson nelson at crynwr.com
Thu Aug 15 00:30:11 EDT 2002


Adam Back writes:
 > So there are practical limits stemming from realities to do with code
 > complexity being inversely proportional to auditability and security,
 > but the extra ring -1, remote attestation, sealing and integrity
 > metrics really do offer some security advantages over the current
 > situation.

You're wearing your programmer's hat when you say that.  But the
problem isn't programming, but is instead economic.  Switch hats.  The
changes that you list above may or may not offer some security
advantages.  Who cares?  What really matters is whether they increase
the cost of copying.  I say that the answer is no, for a very simple
reason: breaking into your own computer is a "victimless" crime.

In a crime there are at least two parties: the victim and the
perpetrator.  What makes the so-called victimless crime unique is that
the victim is not present for the perpetration of the crime.  In such
a crime, all of the perpetrators have reason to keep silent about the
commission of the crime.  So it will be with people breaking into their
own TCPA-protected computer and application.  Nobody with evidence of
the crime is interested in reporting the crime, nor in stopping
further crimes.

Yes, the TCPA hardware introduces difficulties.  If there is a way
around them in software, then someone need only write it once.  The
whole TCPA house of cards relies on no card ever falling down.  Once
it falls down, people have unrestricted access to content.  And that
means that we go back to today's game, where the contents of CDs are
open and available for modification.  Someone could distribute a pile
of "random" bits, which, when xored with the encrypted copy, becomes
an unencrypted copy.

-- 
-russ nelson              http://russnelson.com |
Crynwr sells support for free software  | PGPok | businesses persuade
521 Pleasant Valley Rd. | +1 315 268 1925 voice | governments coerce
Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   |

---------------------------------------------------------------------
The Cryptography Mailing List