[Full-Disclosure] Trustworthy Computing Mini-Poll

From: Simon Richter (Simon.Richter@hogyros.de)
Date: 12/20/02 

From: Simon.Richter@hogyros.de (Simon Richter)
Date: Fri, 20 Dec 2002 01:35:07 +0100

--GID0FwUMdk1T2AWN
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hi Andrew,

On Thu, Dec 19, 2002 at 09:06:58AM +0200, Andrew Thomas wrote:
>> form a lobby group and ask for the "owner + web of trust"
>> solution. It is technically doable and in the line of liberalism, so I t=
hink it
>> has a good chance of becoming law.

> I might be missing something, but how does software/hardware limitation of
> personal control fall under the description of 'in the line of liberalism=
'?=20

I was talking about the "web of trust model", where the owner of the
computer decides whom to trust as an introducer and whom to trust as a
software vendor. So this doesn't in fact limit your personal control
over what software runs on your computer, as you can always sign it
yourself. Since a lot of users do not (want to) understand what a web of
trust is, a number of "trust centers" will pop up, competing for
software developers (=3D> reasonable price). The OSS people will simply
use their own web of trust, and people wishing to install OSS software
can also enter this web at the next signing party or compile and sign
the software themselves. The only thing that is bad about being
liberalist here is that M$ gets to decide whose keys they ship with
Windows -- but as long as the user is able to install new keys and
express trust into them, users will still vote with their feet (if M$'s
pricing is unresonable, we tell people to install a certain key in the
manual -- and that key will probably belong to a group of software
developers).

On the copy protection side, customers will have the choice between
buying combo hardware (DVD drive, gfx card, sound card, special cable
inbetween, all from the same vendor) and using a non-TCPA CPU or
selecting hardware from different vendors and using a TCPA CPU. In fact
I think the copy protection features in the TCPA hardware will be born
dead, since a hardware-only scheme is much cheaper, and customers will
be happy about the CPU time saved by decoding that MPEG stuff in hardware.

I'm still wondering whether TCPA or the hardware schemes are in fact
weaker -- TCPA can probably be cracked in software, but OTOH a lot of
the hardware solutions will be security-by-obscurity or at least one of
them may have a small flaw (a chosen-plaintext attack may be enough of a
hole for a mod chip).

> To answer your question, I would personally be quite happy for the techno=
logy to
> be developed, as long as it wasn't forced on me by law.

Would you buy/use it if you had the choice? I mean, there are a lot of
advantages... :-)

   Simon

--=20
GPG Fingerprint: 040E B5F7 84F1 4FBC CEAD ADC6 18A0 CC8D 5706 A4B4

--GID0FwUMdk1T2AWN
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+AmW1GKDMjVcGpLQRAuVYAKCWuJ+BWCID9QnvoaTNiNQ/q50dpQCglMzv
NOcVB9mOausbNCeo+EiBKEE=
=GavH
-----END PGP SIGNATURE-----

--GID0FwUMdk1T2AWN--

Relevant Pages

  • Re: concerned and confused about adding shadow-set members to system disk
    ... If VMS reboots and expects, ... > Where is this recommendation spelled out? ... >> Simply put, if you trust your hardware then use the first method, if you ...
    (comp.os.vms)
  • Re: Moving to the Net: Encrypted Execution for User Code on a Hosting Site
    ... tamper-resistant hardware to a hardware solution that behaves exactly ... Such as the hardware vendor not installing the private key, but a trusted third party, such as Verisign. ... More precisely, the hardware vendor might install an initial private key, but then the trusted third party might verify the hardware using that initial key, install a new identity, and then ERASE the original hardware identity. ... Since it is impractical for the end user - me or you, the consumer - to completely verify the hardware, some level of trust is necessary. ...
    (comp.arch)
  • Re: Semi-new Compression Method Fully Implemented
    ... whats good. ... Honestly, once I buy a laptop, if your school or affilate ... program they can't test on hardware they trust. ...
    (comp.compression)
  • RE: [Full-disclosure] PC Firewall Choices
    ... > settings and you can't trust it. ... If someone wants to supplement Windows XP firewall and doesn't really know ... to test hardware firewalls and installations in other ways behind routers. ... things that have come right by their router/hardware firewall without ...
    (Full-Disclosure)
  • Re: OT - This may not be a bad idea...
    ... Trust me, it's not something ... to joke about. ... That's JoeNoBedroom for you. ... liberalism, like Joe and Cathy F. I will not date a known liberal. ...
    (alt.autos.toyota)
Quantcast