example: secure computing kernel needed

Jerrold Leichter jerrold.leichter at smarts.com
Sun Dec 14 19:21:48 EST 2003


| When it comes to the PC's operating system,
| there is apparently no economic way to achieve
| what you suggest - ensuring that it hasn't
| been tampered with - so few bother to worry
| about it.  If more security is desired, the
| preferred method is to bypass the PC's OS
| completely.
...which is, I would think, the only reasonable approach!  In fact, even
TCPA takes exactly this approach.  And it's hardly new, from identification (a
SecureID token is a separate, secure box, not a piece of software to run on
your PC) to IP protection (dongles being exactly tamper-resistant secure
computing kernels).

In no case do you, as the end-user, have any real say over what the secure
kernel does or how it is used.  By its nature, it operates, for the most part,
outside of your control.

Which brings up the interesting question:  Just why are the reactions to TCPA
so strong?  Is it because MS - who no one wants to trust - is involved?  Is
it just the pervasiveness:  Not everyone has a smart card, but if TCPA wins
out, everyone will have this lump inside of their machine.

I think many of the reasons people will give will turn out, on close
reflection, to be invalid.  Sure, you can choose not to buy software that uses
dongles - and you'll be able to choose software that doesn't rely on TCPA.
(In both cases, depending on the kind of software, you may find that your
choice is "run it our way, or do without".)  You can choose not to use a bank
that requires you to have a smartcard - but in practice you would be choosing
less security.


We've met the enemy, and he is us.  *Any* secure computing kernel that can do
the kinds of things we want out of secure computing kernels, can also do the
kinds of things we *don't* want out of secure computing kernels.  If the
kernel can produce *our* unforgeable signature, it can produce someone else's
as well.  Sure, we can decline to allow our secure computing kernel to be used
for that purpose - but someone else may then choose not to do business with
us.

I think the real threat of TCPA is not in any particular thing it does, but in
that it in effect "renders the world safe for dongles".  MS *could* today require
that you have a dongle to use Word - but to do so, even with their monopoly
power, would be to quickly lose the market.  Dongles are too inconvenient, and
carry too much baggage.  But when the dongle comes pre-installed on every
machine, the whole dynamic changes.
							-- Jerry

---------------------------------------------------------------------
The Cryptography Mailing List