Cryptogram: Palladium Only for DRM
AARG!Anonymous
remailer at aarg.net
Mon Sep 16 19:47:27 EDT 2002
Greg Rose writes:
> Well, the bank's and the users' interests are only *mostly* aligned. The
> user really wants to be able, in the case of some strange disagreement, to
> take the application to a disassembler and show that it occasionally
> transfers twice as much money as it is supposed to, and show that its own
> records note such transfers. Under Palladium, the user loses the ability to
> audit either the program itself or the program's static data. In theory,
> this doesn't matter, but in practice...
>From what has been said by Microsoft about Palladium, it is not true that
Pd prevents users from auditing the program. While it is on the disk,
the program is an ordinary file and not encrypted [1]. This will allow
it to be disassembled and inspected.
In addition, I have argued that trusted computing in general will work
very well with open source software. It may even be possible to allow
the user to build the executable himself using a standard compilation
environment. (Of course, in actuality few end users are prepared to run
compilers for themselves, but as long as at least some people can do it,
this can provide assurance that the executable matches the source.)
Running an open-source program on a trusted computing platform provides
the best of both worlds. The user is protected against misbehavior
on the part of the executable, because he knows exactly what it can do.
And the software is protected against misbehavior on the part of the user,
by virtue of the hardware protection. In this way, the interests of all
parties are balanced.
[1] A message from Microsoft's Peter Biddle on 5 Aug 2002; unfortunately
the cryptography archive is missing this day's messages. "The memory
isn't encrypted, nor are the apps nor the TOR when they are on the
hard drive. Encrypting the apps wouldn't make them more secure, so they
aren't encrypted." See also
http://www.mail-archive.com/cryptography@wasabisystems.com/msg02554.html,
Lucky Green's description of Microsoft's lack of plans to use Pd for
copy protection.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list