Cryptogram: Palladium Only for DRM
Seth Johnson
seth.johnson at RealMeasures.dyndns.org
Mon Sep 16 12:19:04 EDT 2002
(Forwarded from No DMCA in Canada list)
-------- Original Message --------
Subject: [d at DCC] a comment about Palladium in CryptoGraph
Date: Mon, 16 Sep 2002 11:57:13 -0400
From: Michael Richardson <mcr at sandelman.ottawa.on.ca>
To: No DMCA in Canada <canada-dmca-opponents at flora.org>
http://www.counterpane.com/crypto-gram.html
From: Niels Ferguson <niels at ferguson.net>
Subject: Palladium
Microsoft claims lots of benefits for Pd, some of which are
to allow Digital Rights Management (DRM). However, most of
the benefits can already be achieved by existing hardware.
All Intel CPUs since the 286 have had very good hardware
separation between tasks. It is only Microsoft's choice not
to use this feature that has led to a single hunk of
inter-dependent code.
Intel CPUs can protect one program from the other. You can
create secure device drivers which can no longer crash you
computer. But, the basic operating system will always have
full control of the computer. So you can protect programs
from each other, and the user from malicious programs, but
the user always maintains complete control over his machine.
What Pd adds is to take control away from the user. It
"allows" the user to give up part of his control over the
machine, and give it to a program. This is of course
required for DRM, but I cannot really think of any other
application. They talked about some things like banking
software, but that is just silly. We have perfectly good
cryptography to handle those threats, and using Pd for
banking would be very dangerous. After all, the Pd chip
isn't protected against physical attacks, so you have to
trust the owner of the computer anyway.
There was some misdirection about it not being possible to
change the whole Windows operating system, so Pd is needed
to create a kind of micro-kernel under the OS. This is not
true. You can do the same on Intel hardware; VMware is a
good example. Microsoft can achieve the same security
features (except for DRM) using existing hardware and the
same amount of software development effort.
My conclusion: The only reason for Pd is DRM. All the rest
is just a smoke-screen, or stupidity. You can never tell
the difference.
--
For (un)subscription information, posting guidelines and
links to other related sites please see
http://www.digital-copyright.ca
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list