Difference between TCPA-Hardware and other forms of trust

bear bear at sonic.net
Thu Dec 18 13:48:32 EST 2003



On Wed, 17 Dec 2003, Jerrold Leichter wrote:

>Given this setup, a music company will sell you a program that you must
>install with a given set of access rights.  The program itself will check
>(a) that it wasn't modified; (b) that a trusted report indicates that it
>has been given exactly the rights specified.  Among the things it will check
>in the report is that no one has the right to change the rights!  And, of
>course, the program won't grant generic rights to any music file - it will
>specifically control what you can do with the files.  Copying will, of course,
>not be one of those things.

I think that if the music company wants that much control
(which is, btw, in clear violation of the First Sale Doctrine),
then the only legal way for them to achieve it is to provide
a player specifically for the music which they own, in exactly
the same way that banks retain ownership of the credit cards
and smartcards we use.  As long as the player is not their
property, they can't do this.

The major problem I want a trusted kernel for is because I
don't want to trust binaries provided by closed-source software
houses.  I want my trusted kernel to tell me exactly what
privileges they're asking for and I want to tell it exactly
what privileges it's allowed to provide them.  I want it to
be able to tell me exactly when every executable file appeared,
and as a result of running which other executable file (all
the way back to whichever command *I* gave that resulted in
its being there).  I want it to tell me exactly how the daemon
listening on any tcp port got installed and what privileges
it has.  I want my trusted kernel to keep tamper-proof logs;
in fact I'd go so far as to want to use a write-once media
for logfiles just to make absolutely sure.

A trusted kernel should absolutely know when any program
is reading screen memory it didn't write, or keyboard
keystrokes that it then passes as input to another program,
and it should be possible for me to set up instant notification
for it to alert me when any program does so.

A trusted kernel should monitor outgoing network packets and
sound an alarm when any of them contains personal information
like PINs, passwords, keys, Social Security Number, Drivers
License, Credit Card numbers, Address, etc.  It should even
be possible to have a "terminate-with-prejudice" policy that
drops any such packets before sending and terminates and
uninstalls any unauthorized application that attempts to send
such packets.

I really don't care if anyone *else* trusts my system; as
far as I'm concerned, their secrets should not be on my
system in the first place, any more than my secrets should
be on theirs.  The fact is I'm building a system out of
pieces and parts from hundreds of sources and I don't know
all the sources; with an appropriate trusted kernel I
wouldn't have to extend nearly as much "black box" trust
to all the different places software comes from.


>Yes, you can construct a system that *you* can trust, but no one else has
>any reason to trust.  However, the capability to do that can be easily
>leveraged to produce a system that *others* can trust as well.  There are
>so many potential applications for the latter type of system that, as soon
>as systems of the former type are fielded, the pressure to convert them to
>the latter type will be overwhelming.

I do not think so.  People want to retain ownership of their
computer systems and personal information, and a system that
is made for *others* to trust would be used to take that
ownership and information.

> Ultimately, TCPA or no, you will be faced with a stark choice:  Join the
> broad "trust community", or "live in the woods".

No.  Lots of bands release music and encourage sharing, as promo
for their main revenue source (concert tours).  I see those bands
getting a leg up as their released music becomes popular while
music only available with onerous conditions languishes.  Lots of
other artists do graphic or animation work just for the chance to
be seen, and some of them are quite good.

You may consider it "living in the woods" to listen to stuff that
isn't the top 20; but I think lots of people will find that the
"woods" is a friendlier and more trustworthy place than a world
full of weasels who want to control their systems.

				Bear
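The egress policy Bear sketches above (alarm on outgoing packets carrying PINs, SSNs, card numbers and the like; drop them and terminate the unauthorized sender) together with the tamper-proof logging he asks for, as an added example that is not part of the original post or of any TCPA design. Everything in it is constructed for illustration: the application names, the registered secrets, the sample payloads, and the decision to make the card check Luhn-validated so that an arbitrary 16-digit order number does not trip the filter. The log is a simple SHA-256 hash chain standing in for the write-once media he mentions: it does not prevent tampering, but any edit to an earlier entry is detected on verification.

```python
"""Added example (not from the original post): an egress filter that scans
outgoing payloads for personal data, applies a "terminate-with-prejudice"
policy to unauthorized senders, and records every verdict in a hash-chained
log.  All names, secrets and payloads below are constructed for illustration."""
from __future__ import annotations

import hashlib
import json
import re
from dataclasses import dataclass, field

# Hypothetical owner-registered secrets: exact strings that must never leave
# the machine unless the sending application has been authorized.
REGISTERED_SECRETS = {"password": "Tr0ub4dor&3", "drivers_license": "D1234567"}

SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")        # US SSN layout
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")     # 13-19 digits, optional separators


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; separates real card numbers from random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def scan(payload: str) -> list[str]:
    """Return the kinds of personal data found in an outgoing payload."""
    findings = []
    if SSN_RE.search(payload):
        findings.append("ssn")
    if any(luhn_ok(re.sub(r"[ -]", "", m.group())) for m in CARD_RE.finditer(payload)):
        findings.append("card")
    findings += [name for name, value in REGISTERED_SECRETS.items() if value in payload]
    return findings


@dataclass
class ChainedLog:
    """Append-only log where each entry commits to the previous entry's hash,
    so editing or deleting any earlier entry breaks verification."""
    entries: list[dict] = field(default_factory=list)

    def append(self, record: dict) -> str:
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        body = json.dumps(record, sort_keys=True)
        digest = hashlib.sha256((prev + body).encode()).hexdigest()
        self.entries.append({"prev": prev, "body": body, "hash": digest})
        return digest

    def verify(self) -> bool:
        prev = "0" * 64
        for entry in self.entries:
            expected = hashlib.sha256((prev + entry["body"]).encode()).hexdigest()
            if entry["prev"] != prev or entry["hash"] != expected:
                return False
            prev = entry["hash"]
        return True


@dataclass
class Verdict:
    action: str             # "ALLOW", or "DROP+TERMINATE" for the post's policy
    findings: list[str]


class EgressFilter:
    """Personal data may leave only from applications the owner has authorized;
    anything else is dropped and the sender is marked for termination.
    Every verdict, allowed or not, is written to the chained log."""

    def __init__(self, authorized_apps: set[str], log: ChainedLog):
        self.authorized = set(authorized_apps)
        self.log = log
        self.terminated: set[str] = set()

    def check(self, app: str, dst: str, payload: str) -> Verdict:
        findings = scan(payload)
        if not findings or app in self.authorized:
            action = "ALLOW"
        else:
            action = "DROP+TERMINATE"
            self.terminated.add(app)
        self.log.append({"app": app, "dst": dst, "findings": findings, "action": action})
        return Verdict(action, findings)


def demo() -> tuple[EgressFilter, list[Verdict]]:
    """Run constructed traffic through the filter; returns filter and verdicts."""
    flt = EgressFilter({"bank-client"}, ChainedLog())
    traffic = [  # (application, destination, payload) -- all constructed
        ("bank-client",    "bank.example", "pan=4111 1111 1111 1111&amt=10"),
        ("weather-widget", "ads.example",  "uid=bob&ssn=078-05-1120"),
        ("browser",        "shop.example", "order id 1234567890123456"),
        ("notes-app",      "sync.example", "pw=Tr0ub4dor&3"),
    ]
    return flt, [flt.check(app, dst, payload) for app, dst, payload in traffic]
```

The third payload is the caveat worth noticing: a 16-digit run that fails the Luhn check is let through, which is what keeps a filter like this from blocking every order number and tracking ID, but it also means a card number sent in any other encoding (hex, base64, split across packets) is not caught. The hash chain only makes retroactive edits detectable; the post's write-once media is what would actually stop them.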

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
