Ross's TCPA paper

Nomen Nescio nobody at dizum.com
Mon Jun 24 15:10:13 EDT 2002 

Ross Anderson writes:

> During my investigations into TCPA, I learned that HP has started a
> development program to produce a TCPA-compliant version of GNU/linux.
> I couldn't figure out how they planned to make money out of this. On
> Thursday, at the Open Source Software Economics conference, I figured
> out how they might.
> ...
> The business model, I believe, is this. HP will not dispute that the
> resulting `pruned code' is covered by the GPL. You will be able to
> download it, compile it, check it against the binary, and do what you
> like with it. However, to make it into TCPA-linux, to run it on a
> TCPA-enabled machine in privileged mode, you need more than the code.
> You need a valid signature on the binary, plus a cert to use the TCPA
> PKI. That will cost you money (if not at first, then eventually).

Hmmmm.... Not clear that this really works to make money.  The GPL
allows everyone to redistribute HP's software verbatim, right?  So a
cert on one copy of the software will work on everyone's.  How can HP
make money on a product that everyone can copy freely, when they can
all share the same cert?

It's true that modified versions of the software would not be able to
use that cert, and it would no doubt be expensive to get a new cert for
the modified software.  But that still gives HP no monopoly on selling
or supporting its own version.  Anyone can step in and do that.

Is the cert itself supposed to be somehow copyrighted?  Kept secret?
Will it be illegal to publish the cert, to share it with someone else?
This seems pretty questionable both in terms of copyright law (since
a cert is a functional component) and in terms of the GPL (which would
arguably cover the cert and forbid restrictively licensing it).

It seems more likely that the real purpose is to bring the benefits of
TCPA to the Linux world.  As an innovator in this technology HP will gain
in reputation and be the source that people turn to for development and
support in this growing area.  The key to making money from open source
is reputation.  Being first makes good economic sense.  You don't need
conspiracy theories.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the cryptography mailing list