On Sun, 4 Aug 2002, AARG! Anonymous wrote:
Eugen Leitl writes:
On Sat, 3 Aug 2002, AARG! Anonymous wrote:
But you won't now say that TCPA is OK, will you? You just learned some information which objectively should make you feel less bad about it, and yet you either don't feel that way, or you won't admit it. I am coming to doubt that people's feelings and beliefs about TCPA are based on facts at all. No matter how much I correct negative misconceptions about these systems, no one will admit to having any more positive feelings about it.
Whoa there. Hold the horses. You're completely inverting the burden of proof here. You're *trusting* a preliminary spec fielded by *whom* again? Were you on the design team? Are you on implementers' team? Have you reverse engineered the function from tracing the structures on the die? Will you continue doing this, sampling every batch being shipped?
Whoa there is right! Yes, you are definitly educating me. Thank you. I am now totally confused on a lot of issues. So far, you have moved me from thinking TCPA seems like it might be useful to thinking that it's pretty monstrous. If you want to be a good teacher, you will have some patience. If you are a troll, you will get frustrated and leave soon.
I am judging the proposal on the basis of the spec. I think that is the correct way to do the analysis. Then, you can extend your analysis on the basis of ways you think the spec might change. But surely the spec ought to be a starting point for any judgement. Otherwise there is no factual basis for the analysis.
Agreed.
Yet no one here has said that now that they understand the spec better, they don't think TCPA as specified would be as bad as they thought. Some people, like James Donald and Ryan Lackey, have said that they don't think TCPA would be all that bad if it weren't for government, copyright laws, etc. But no one has suggested that my many postings have changed their opinion about TCPA in and of itself.
Maybe that's because I'm not convinced yet. I've got a thick skull :-)
The Alliance consists of Compaq, Intel, IBM, HP, and Microsoft. (Since then HP has bought Compaq.) Even if you hate Microsoft, you probably don't hate all of these companies, do you?
Hate is too strong a word. They aren't evil because they want to be, but because they have to be. They won't survive if they don't optimize society to their advantage.
I think the spec directly contradicts this claim! If they cared so little about user privacy, why would they use an elaborate system with a Privacy CA to make sure no user-identifiable information leaks onto the net? Surely the simpler approach would be what James Donald suggested, to send out the TPM's public key and let people use that. But it is a per-user identifier and so they went to great lengths to conceal it.
It creates a single point of attack. It reminds me of key escrow. Once you get to the chewy center, you can control everything. More questions below.
Furthermore, if their motivations were so bad, wouldn't it have been better for them for TCPA to work the way most people assume, to only load software which has been signed by some authority? Instead they are careful to let any software load, and to report its status to third parties, so the third parties can make their own judgements about what to trust. Why do you think they did it like this, if they were so determined to minimize the control of the end user?
Because it's hard to think about everything. Maybe they didn't finish thinking all the ramifications through. I would hope we'll be able to ask enough questions that you'll have a hard time quoting the spec.
Who cares what I am? It's facts that count! I could be Satan Incarnate and it wouldn't matter. I am giving you facts about TCPA based on my personal investment of time to study the system. Tell me this: if you care about this standard, why not get it and learn it yourself? Not one person here has done this! Everyone prefers to believe falsehoods than to learn the truth for themself. Do you think that is a good strategy for survival in a potentially hostile and dangerous world?
Not in a democracy. All laws are based on belief. They have nothing to do with facts. Facts get in the way and are far too confusing for a majority of humans. While understanding the facts is useful to anyone who wants real power, you can still accomplish a lot in the short run with a good lie. But I would like to understand TCPA enough that I can tell which newspaper article is the lie and which isn't.
All I am really asking for is someone to acknowledge that I have provided information to them which makes them see TCPA as less dangerous and damaging than they had thought based on the false information which has been circulating. I don't see how anyone can deny this. The caricature of TCPA that most people believe is very bad. The truth is not so bad. Logically, you *have* to believe that TCPA is not as bad as you thought, when you are provided with the truth.
Well I deny it. So far, I am still confused and amazed at how powerful a device you have described.
From a different message- :Date: Sat, 3 Aug 2002 23:50:24 -0700 :From: AARG! Anonymous <remailer@aarg.net> :To: cypherpunks@lne.com :Subject: Re: Other uses of TCPA : :Mike Rosing wrote: :> Who owns PRIVEK? Who controls PRIVEK? That's who own's TCPA. : :PRIVEK, the TPM's private key, is generated on-chip. It never leaves :the chip. No one ever learns its value. Given this fact, who would :you say owns and controls it?
OK, so why can't any joe hacker create their own PRIVEK? _nobody_ knows it's value? Then how can anyone know if a chip is "real" or "imitation". What happens when the motherboard dies again? PRIVEK was copied out of the chip to some "fob" right? I thought you said the manufacturer put the keys in at the factory. I'm confused dude, straighten me out. Patience, persistence, truth, Dr. mike