New Scientist reports on a new document released by the Trusted Computing Group, http://www.trustedcomputinggroup.org/. This is the reconstitued and renamed TCPA, which triggered such controversy a year ago. The article, http://www.newscientist.com/news/news.jsp?id=ns99994171, reports: The US music industry's legal clampdown on online music piracy could soon be supplemented by technical measures that will make it harder to make unauthorised copies of digital files. A new set of programming standards, released by a consortium of the world's largest software and hardware companies on Tuesday, specify methods for developing software for hardware security modules increasingly being built into many personal computers. The Trusted Computing Group's new security standards promise to shore up personal computer security by linking software to tamper-resistant hardware modules in which cryptographic keys and other tools are stored. This could be used to increase the security of files or authenticate messages. The new document, described in the press release at https://www.trustedcomputinggroup.org/press/news/TSS_IDF_release_final_sept_..., is an API for the Trusted Software Stack (TSS), which will interface to the secure hardware component, called a TPM (trusted platform module). In other news, Sun Microsystems has announced that it is joining the TCG. Amazingly, Whit Diffie, a well known privacy advocate with cypherpunk leanings, is quoted in the press release: "As the world becomes more connected, secure computing is fundamental to protecting our critical infrastructure, our enterprise networks, and our personal computers." said Dr. Whitfield Diffie, Chief Security Officer, Sun Microsystems. "Sun is committed to security and open standards. We're excited to join TCG as a Promoter Member and help to move security into the technologies on which the future depends." Back in April, Diffie was questioning the goals of Trusted Computing, http://www.eetimes.com/story/OEG20030415S0013. Wonder what changed his mind? A final note, Ross Anderson's so-called Trusted Computing FAQ was updated last month to version 1.1, http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html. It's still full of utterly unsupported allegations, such as the claim that TCPA was going to delete "pirated" applications and documents. And of course there is no apology for those charges which he has had to eliminate or water down from the first version of the FAQ. Read at your own risk; it's not exactly a "no spin zone". --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com