
On Mon, Aug 05, 2002 at 07:42:45AM -0700, Mike Rosing wrote:
> On Mon, 5 Aug 2002, Adam Back wrote:
> > The corresponding public key is certified by the secure hardware
> > manufacturer, I think.
>
> Are all the keys certified? Are any copied outright?
Note there is one key that is endorsed, so per machine there is one key, singular. On the other interpretation of your question: do we trust that the manufacturer didn't take a copy of the key while certifying it? Good question. The scenario is analogous to the pre-generated private key on a smart card. Do you trust what the hardware vendor did with it? Did they generate the private key off chip and keep a copy? Did they generate the private key on chip but export it at the time of certifying the public key? Except in this case the smart card is attached to your motherboard, mediates control of the platform and is called the "TPM", Trusted Platform Module. While there are approaches to having third party audits of the process, publishing the source code, etc., it's still typically not a very transparent affair as it's in tamper resistant hardware, plus vulnerable to plausibly deniable snafus, and undetectable backdooring even if it is generated on the TPM.
> But I'm confused, so keep at it and maybe I'll figure something out!
Effectively I think the best succinct description of the platform's motivation and function is that: "TCPA/Palladium is an extensible, general purpose programmable dongle soldered to your mother board with centralised points belonging to Microsoft/IBM/Intel/". It seems to me there is both strong possibility for it becoming a focus for future government attempts at policy malware and legislated technology implementation, and a focus for RIAA/MPAA/WIPO policies imposing further expansionist and monopoly propping legislation and legislated technology implementation to enforce the worst excesses of the DMCA.

The technology components are very interesting. The implications of what can be done with sealing, secure boot-strapping and remote attestation are a departure from what people were thinking was possible with general purpose computing. As anonymous points out it makes possible all kinds of applications and changes the nature of what can be cryptographically assured.

With current non-TCPA platforms the limit of what can be cryptographically assured is for example what can be encrypted with a password, or other cryptographic mechanism. Cryptographic assurance is also known as "data separation" -- the concept that the cryptography is able to completely cover the application's policy restrictions without leaving "trusted" software components necessary to enforce policies too complex to implement with encryption / data separation. With TCPA you can build general purpose policy code which does not exhibit cryptographic assurance, and yet due to the TCPA platform assures similar levels of security assurance. That's a huge change in world view in the domain of security applications.

In slightly more detail, you can either build applications rooted in the remote attestation, sealing and secure boot-strapping functions I described in an earlier post, or you can add your own custom policy and even applications inside a hardware assured code compartment which the user can not access or tamper with.

One aspect of the implications is the implementation and security possibilities it lends to DRM applications. Personally I don't find this aspect a good thing because I think current copyright law has reached a state of being a net negative for society and freedom, and that it's time to rescind it and start over. I think we should try to analyse, as William Arbaugh suggested in [7], what is desirable, what is safe to implement, and ways to change the platform to remove the negative aspects.

From my current understanding, the worst problem is the centralised control of this platform. If it were completely open, and possible to fix its potential dangers, it would bring about a new framework of secured computing and could be a net positive. In its current form with centralised control and other problems it could be a big net negative.
Adam

[7] William Arbaugh, "The TCPA; What's wrong; What's right and what to do about", 20 Jul 2002, http://www.cs.umd.edu/~waa/TCPA/TCPA-goodnbad.html
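Added illustration (not part of Adam Back's post, the thread, or the TCPA specification): a small Python model of the three functions the post names, measured boot-strapping into a hash-chain register, sealing a secret to that register value, and a quote over the register bound to a verifier's nonce. It shows the "data separation" point concretely: the policy "this key is only available to the unmodified software stack" is enforced by the key derivation, not by trusted policy code. All function names, the constructed boot chains, and the per-platform secrets are the editor's assumptions; HMAC stands in for the asymmetric signing key whose manufacturer certification the thread is arguing about.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

PCR_INIT = b"\x00" * 32


def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style extend: PCR' = H(PCR || H(component)).

    Software can only extend the register, never set it, so the final value
    commits to every component measured and to the order in which they ran.
    """
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def measure_boot(chain: list) -> bytes:
    """Measure a boot chain (firmware, loader, kernel, ...) into one register."""
    pcr = PCR_INIT
    for component in chain:
        pcr = extend(pcr, component)
    return pcr


@dataclass(frozen=True)
class SealedBlob:
    pcr: bytes         # register value the blob was sealed to (diagnostic only)
    nonce: bytes
    ciphertext: bytes
    tag: bytes


class SealError(Exception):
    pass


def _seal_key(root: bytes, pcr: bytes) -> bytes:
    # Wrapping key depends on the chip-internal root AND the measured state.
    return hmac.new(root, b"seal" + pcr, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(root: bytes, pcr: bytes, secret: bytes) -> SealedBlob:
    """Encrypt `secret` so it only unseals while the register equals `pcr`."""
    key = _seal_key(root, pcr)
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(secret, _keystream(key, nonce, len(secret))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return SealedBlob(pcr, nonce, ct, tag)


def unseal(root: bytes, current_pcr: bytes, blob: SealedBlob) -> bytes:
    """Unseal under the *current* register; a changed boot chain gives a wrong key."""
    key = _seal_key(root, current_pcr)
    expected = hmac.new(key, blob.nonce + blob.ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob.tag):
        raise SealError("platform state differs from the state the data was sealed to")
    ks = _keystream(key, blob.nonce, len(blob.ciphertext))
    return bytes(a ^ b for a, b in zip(blob.ciphertext, ks))


def quote(attest_key: bytes, pcr: bytes, nonce: bytes) -> bytes:
    """Remote attestation: authenticated statement of the register bound to the
    verifier's fresh nonce. HMAC stands in for a signature by the certified key."""
    return hmac.new(attest_key, b"quote" + nonce + pcr, hashlib.sha256).digest()


def verify_quote(attest_key: bytes, expected_pcr: bytes, nonce: bytes, q: bytes) -> bool:
    return hmac.compare_digest(quote(attest_key, expected_pcr, nonce), q)


# Constructed sample boot chains for the demo, not real measurements.
GOOD_CHAIN = [b"firmware 1.0", b"bootloader 2.3", b"kernel 2.4.18"]
PATCHED_CHAIN = [b"firmware 1.0", b"bootloader 2.3", b"kernel 2.4.18 (patched)"]


def demo() -> dict:
    root = b"R" * 32        # hypothetical per-platform secret that never leaves the chip
    attest_key = b"A" * 32  # hypothetical attestation key certified by the manufacturer
    good_pcr = measure_boot(GOOD_CHAIN)
    blob = seal(root, good_pcr, b"content key 0123")
    results = {"unseal_same_state": unseal(root, good_pcr, blob) == b"content key 0123"}
    try:
        unseal(root, measure_boot(PATCHED_CHAIN), blob)
        results["unseal_patched_state"] = "unsealed"
    except SealError:
        results["unseal_patched_state"] = "refused"
    nonce = os.urandom(16)
    q = quote(attest_key, good_pcr, nonce)
    results["verifier_accepts_good"] = verify_quote(attest_key, good_pcr, nonce, q)
    results["verifier_accepts_patched"] = verify_quote(
        attest_key, measure_boot(PATCHED_CHAIN), nonce, q)
    return results


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the sealed content key coming back only under the measured state it was sealed to, the patched kernel being refused, and the verifier rejecting a quote that does not match the expected register. Note what the model cannot show: whether `root` or `attest_key` were copied at manufacture, which is exactly the question in the thread.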