On Mon, Jun 24, 2002 at 08:15:29AM -0400, R. A. Hettinga wrote:
Status: U
Date: Sun, 23 Jun 2002 12:53:42 -0700
From: Paul Harrison <pth-02@pacbell.net>
Subject: Re: Ross's TCPA paper
To: "R. A. Hettinga" <rah@shipwright.com>
The important question is not whether trusted platforms are a good idea, but who will own them. Purchasing a TCP without the keys to the TPM is like buying property without doing a title search. Of course it is possible to _rent_ property from a title holder, and in some cases this is desirable.
I would think a TCP _with_ ownership of the TPM would be every paranoid cypherpunk's wet dream. A box which would tell you if it had been tampered with either in hardware or software? Great. Someone else's TCP is more like a rental car: you want the rental company to be completely responsible for the safety of the vehicle. This is the economic Achilles heel of using TCPA for DRM. Who is going to take financial responsibility for the proper operation of the platform? It can work for a set-top box, but it won't fly for a general-purpose computer.
In general, I'm very fond of this sort of ownership analysis. If I have a TCPA box running my software, and thinking that it's mine, how do I know there isn't one more layer? Leave it off, and my analysis is simpler. I suspect that verifying ownership of the TPM will be like verifying ownership of property in modern Russia: There may be a title that looks clean. But what does the mafia think? What about the security services? There may even be someone with a pre-Bolshevik title floating around. Or a forgery. Hard to tell. It's annoying to have one's transaction costs pushed up that high. I can get very high quality baseline software today. What I need for my cypherpunk wet dreams is ecash, and a nice anonymizing network. What I also need is that the general-purpose computing environment stay free of control points, in the Lessig sense.
Adam