full-disk subversion standards released

Peter Gutmann pgut001 at cs.auckland.ac.nz
Sat Jan 31 05:19:14 EST 2009


John Gilmore <gnu at toad.com> writes:

>The theory that we should build "good and useful" tools capable of monopoly
>and totalitarianism, but use social mechanisms to prevent them from being
>used for that purpose, strikes me as naive.

There's another problem with this theory and that's the practical
implementation issue.  I've read through... well, at least skimmed through the
elephantine bulk of the TCG specs, and also read related papers and
publications and talked to people who've worked with the technology, to see
how I could use it as a crypto plugin for my software (which already supports
some pretty diverse stuff, smart cards, HSMs, the VIA Padlock engine, ARM
security cores, Fortezza cards (I even have my own USG-allocated Fortezza ID
:-), and in general pretty much anything out there that does crypto in any
way, shape, or form).  However, after detailed study of the TCG specs and
discussions with users I found that the only thing you can really do with
this, or at least the bits likely to be implemented and supported and not full
of bugs and incompatibilities, is DRM.

In all the time I've worked with crypto devices I've never seen something so
totally unsuited to general-purpose crypto use as a TPM.  There really is only
one thing it can reliably be used for and that's DRM.  Now admittedly if you
look really hard you may find a particular vendor who has a hit-and-miss
attempt at implementing some bits of the spec that, if you cross your eyes and
squint, is almost usable for general-purpose crypto use, but that's it.  Even
with the best intentions in the world, the only thing you can really usefully
do with a TPM is DRM.

(NB: This was a few years ago, maybe things have improved since then but I
haven't seen any real indication of this.  Oh, and I'm not going to get into
the rathole of whether the whole "attestation" thing is DRM or not, if you
think it isn't then please replace all occurrences of "DRM" in the above text
with "attestation").

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


