Lucky Green writes:
Though routinely professing otherwise, evidently Anonymous knows nothing of the spirit of the TCPA:
I have in fact never claimed to be a TCPA insider; quite the opposite, I have consistently explained that I am merely someone who has taken the time to study the specification and other documents in order to educate myself about the system. My interpretation of the spirit of the proposal comes solely from reading these documents. They go to considerable lengths to protect user privacy, even to the point that the main TPM key is an encrypt-only key, not allowed to issue signatures! I think this is to reduce the chance of mistakenly using it to sign attestations. Further, the protocol with the Privacy CA is very complex and adds considerable complexity. If they didn't care about privacy I don't think the design would devote this much effort to it.
I proposed the use of blinding schemes to the TCPA as far back as 2 years ago as a substitute to the Privacy CAs schemes which are subject to potential collusion. I believe "unreceptive", rather than "very much open to this suggestion" would more accurately describe the TCPA's spirit Anonymous holds so high.
Maybe this is true, but I can certainly imagine reasons other than a secret desire to compromise users' privacy. Going with blinding would make the spec more complex, and they might well have had their hands full at the time just trying to get V1.0 out. Then there are the patent issues with either Chaum or Brands blinding. Plus, Brands works with very special-format keys, variants on discrete log keys, while the spec generally assumes RSA keys (possibly going to ECC). And finally, they may simply not have been that familiar with blinding technology, which isn't that widely known outside a small subset of the cryptographic community. TCPA is more of a security spec than a cryptographic one, and it's likely that not one of the main developers had every read a paper by Stefan Brands. Besides, after reading Lucky's absurdly conspiratorial slide show I am skeptical about how accurately he can be relied on to report information about TCPA. He obviously thinks they are the spawn of the devil and is willing to say anything in public in order to discredit them. Otherwise why would he have made so many charges at Defcon that are utterly without foundation? --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com