Lucky Green wrote:
> Ray wrote:
>> To make their denial credible, they could give the owner access to the private key of the TPM/SCP. But somehow I don't think that jibes with their agenda.
> Probably not surprisingly to anybody on this list, with the exception of potentially Anonymous, according to the TCPA's own TPM Common Criteria Protection Profile, the TPM prevents the owner of a TPM from exporting the TPM's internal key. The ability of the TPM to keep the owner of a PC from reading the private key stored in the TPM has been evaluated to E3 (augmented). For the evaluation certificate issued by NIST, see:
> http://niap.nist.gov/cc-scheme/PPentries/CCEVS-020016-VR-TPM.pdf
This has to be true for the basic security goal of remote trust, right? The purpose is so that the user can credibly convince a remote system that he is running a certain program. Explain to me how he could do this if he were able to reload the TPM key with one of his own, or get access to the private key? Wouldn't that let him forge arbitrary messages? You might as well complain that Verisign doesn't share their private key with everyone. Either way you lose the trust properties of the system.
>> If I buy a lock I expect that by demonstrating ownership I can get a replacement key or have a locksmith legally open it.
> It appears the days when this was true are waning. At least in the PC platform domain.
We have had other systems which work like this for a long while. Many consumer devices are sealed such that if you open them you void the warranty. This is to your advantage as a consumer; it means that you can take the device in to get it fixed, and the intact seal proves that you didn't mess with the insides and break it. By your logic, consumers ought to be able to bypass such seals since they own the device. But if this were true, don't you agree that it would make the seals useless?
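The remote-trust argument in the reply above (a quote over the measured program state is only convincing if the signing key cannot leave the chip) can be seen in a small model. The following Python is an added illustration written for this page, not code from the thread or from any TPM implementation: it uses a toy RSA key with constructed parameters, a hypothetical `ToyTPM` class, constructed PCR values, and a `remote_check` function standing in for the verifier. It shows that an honest quote is accepted, that relabelling the state or replaying an old quote is rejected, and that the whole property collapses once the private exponent is available outside the chip.

```python
import hashlib
import os
from typing import Tuple

# Toy RSA parameters: constructed for illustration only, far too small for real use.
P, Q = 1000003, 1000033
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+ modular inverse)


def _digest(message: bytes) -> int:
    # Truncated SHA-256 so the hash fits below the toy modulus.
    return int.from_bytes(hashlib.sha256(message).digest()[:4], "big")


def sign(message: bytes, d: int) -> int:
    """Textbook RSA signature over the digest (toy; no padding scheme)."""
    return pow(_digest(message), d, N)


def verify(message: bytes, signature: int) -> bool:
    return pow(signature, E, N) == _digest(message)


def quote_message(pcr: bytes, nonce: bytes) -> bytes:
    # The signed statement binds the measured state to the verifier's fresh challenge.
    return b"QUOTE|" + pcr + b"|" + nonce


class ToyTPM:
    """Hypothetical model of the property discussed in the thread: the chip signs
    quotes over the state it measured and refuses to hand out the private key."""

    def __init__(self, private_exponent: int, measured_pcr: bytes):
        self._d = private_exponent
        self._pcr = measured_pcr  # set by the measurement process, not by the caller

    def quote(self, nonce: bytes) -> Tuple[bytes, int]:
        return self._pcr, sign(quote_message(self._pcr, nonce), self._d)

    def export_private_key(self) -> int:
        # The non-exportability the thread's evaluation certificate refers to.
        raise PermissionError("TPM private key is not exportable, even to the owner")


def remote_check(expected_pcr: bytes, nonce: bytes, reported_pcr: bytes, signature: int) -> bool:
    """The remote party's side: expected software state, its own nonce, valid signature."""
    return reported_pcr == expected_pcr and verify(quote_message(reported_pcr, nonce), signature)


def run_demo() -> dict:
    good = hashlib.sha256(b"trusted-program-v1").digest()    # constructed PCR values
    bad = hashlib.sha256(b"modified-program").digest()
    nonce = os.urandom(16)
    tpm = ToyTPM(D, good)

    pcr, sig = tpm.quote(nonce)
    results = {
        "honest_quote_accepted": remote_check(good, nonce, pcr, sig),
        # Changing the reported state without re-signing breaks the signature.
        "relabelled_pcr_rejected": not remote_check(bad, nonce, bad, sig),
        # The same quote presented against a different challenge is rejected.
        "replayed_quote_rejected": not remote_check(good, os.urandom(16), pcr, sig),
    }
    try:
        tpm.export_private_key()
        results["key_export_blocked"] = False
    except PermissionError:
        results["key_export_blocked"] = True

    # What the poster means by "forge arbitrary messages": with the private exponent
    # outside the chip, a signature over any claimed state is produced without the
    # chip measuring anything, and the verifier cannot tell it from a real quote.
    forged = sign(quote_message(good, nonce), D)
    results["exported_key_defeats_attestation"] = remote_check(good, nonce, good, forged)
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

The last result is the one the reply is making: the verifier's check is exactly as strong as the secrecy of the signing key, so an owner-exportable key and a trustworthy remote quote are mutually exclusive, just as with the lock analogy and the warranty seal in the rest of the message.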