Microsoft: Palladium will not limit what you can run

Lucky Green shamrock at cypherpunks.to
Sat Mar 15 04:31:12 EST 2003


AARG!, having burned the nym with the moderator of this list and who is
therefore now posting via the Hermes remailer commented on Microsoft,
which similarly burned the Palladium name, claims:
> Hopefully this will shed light on the frequent claims that 
> Palladium will limit what programs people can run, or "take 
> over root" on your computer, and similar statements by people 
> who ought to know better.  It is too much to expect these 
> "experts" to publicly revise their opinions, but perhaps 
> going forward they can begin gradually to bring their claims 
> into line with reality.

Part of me wonders if it worth my time to reply to this post, but what
the heck, I'll take it.

So let's talk about reality. It is true, at least for the moment, that
Intel's La Grande initiative, which provides the hardware foundation for
Palladium, just locks pages in memory that are designate as such by the
application. It if further true that Palladium, as the aforementioned OS
component, just designates certain blobs of data to be inaccessible to
the user who has Ring 0 privileges.

Whether Palladium takes over root on a computer or merely prevents the
legitimate purchaser of a PC who otherwise has required privileges from
performing certain actions on the PC that he legally owns with the data
he lawfully created may be a matter of philosophical debate. For
conciseness and clarity it suffices to say that the owner of a PC will
not have root privileges on a PC on which Palladium is active and in
force. No Microsoft press release can possibly alter this fact, since
this restriction is fundamental to Palladium having any value at all to
any entities.

As Microsoft's John Manferdelli wrote:
"How these new programs are built - and what they will require of the
user - are questions for the application developer to answer."

What John means is that Palladium in and by itself will not limit what
applications you can run. Which is mostly true for the first phase. But
if, in addition to Palladium, you would like to run application by
vendors concerned about law-abiding, but undesirable, information flow,
then you will find that the applications that you would like to run in
addition to the above won't perform as expected.

--Lucky


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com



More information about the cryptography mailing list