Anonymous: clearly Lucky and Ross have been talking about two aspects of the TCPA and Palladium platforms:

1) the implications of platform APIs planned for first phase implementation based on the new platform hardware support;

2) the implications of the fact that the owner of the machine is locked out from the new ring-0;

For 2) one obviously has to go beyond discussing the implications of the APIs discussed in the documents, so the discussion has included other APIs that could be built securely with their security rooted in the new third-party controlled ring-0.

In my initial two messages looking at implications I did try to clearly distinguish between documented planned APIs and new APIs that become possible to build with third-party controlled ring-0s.

Other areas where analysis is naturally deviating from the aspects covered by the available documentation (such as it is) are:

- discussion of likelihood that a given potential API will be built

- looking at history of involved parties:

  - Intel: Pentium serial number

  - Microsoft: litany of anti-competitive and unethical business practices,

  - governments: history of trying to push key-escrow, censorship, thought-crime and technologies and laws attempting to enforce these infringements of personal freedom

  - RIAA/MPAA: history of lobbying for legislation such as DMCA, eroding consumer rights

  - industry/government collaboration: Key Recovery Alliance (www.kra.org), which shows an interesting intersection of big-companies who are currently and historically were signed on to assist the government in deploying key-escrow

- suspicion that the TCPA/Microsoft are putting their own spin and practicing standard PR techniques: like selective disclosure, misleading statements, disclaiming planned applications and hence not taking everything at face value. TCPA/Microsoft have economic pressures to spin TCPA/Palladium positively.

- analysis is greatly hampered by the lack of definitive, concise, clearly organized technical documentation. Some of the main informative documents even Microsoft is pointing at are like personal blog entries and copies of personal email exchanges.

A number of your responses have been of the form "hey that's not a fair argument, what section number in the TCPA/Palladium documents gives the specification for that API".

I suspect some arguing about the dangers of TCPA/Palladium feel no particular obligation to point out this distinction: the fact that an API is not planned in phase 1, or not publicly announced yet, offers absolutely no safeguard against its later deployment.

Adam

On Tue, Aug 06, 2002 at 03:15:17PM -0700, AARG!Anonymous wrote:
Lucky Green writes:
The slides of the talk on TCPA that I gave over the weekend at DEFCON are now available at http://www.cypherpunks.to
Amazing claims you are making there. Claiming that the TPM will be included on "all future motherboards"; claiming that an objective is to meet the operational needs of law enforcement and intelligence; claiming that TCPA members (all 170 of them?) have more access to his computer than the owner; fantasizing about an "approved hardware list" and "serial number revocation list" which don't exist in the spec(!); further fantasies about a "list of undesirable applications" (where do you get this stuff!).