On Fri, 2 Aug 2002, AARG! Anonymous wrote:
You don't have to send your data to Intel, just a master storage key. This key encrypts the other keys which encrypt your data. Normally this master key never leaves your TPM, but there is this optional feature where it can be backed up, encrypted to the manufacturer's public key, for recovery purposes. I think it is also in blinded form.
In other words, the manufacturer has access to all your data because they have the master storage key. Why would everyone want to give one manufacturer that much power? Or am I missing something...
You communicate with the manufacturer, give him this recovery blob, along with the old TPM key and the key to your new TPM in the new machine. The manufacturer decrypts the blob and re-encrypts it to the TPM in the
and stores the blob in a safe place for future use.
The manufacturer sends the data back to you and you load it into the TPM in your new machine, which decrypts it and stores the master storage key. Now it can read your old data.
and so can everyone else who visits the manufacturer's database.
I think this recovery business is a real Achilles heel of the TCPA and Palladium proposals. They are paranoid about leaking sealed data, because the whole point is to protect it. So they can't let you freely copy it to new machines, or decrypt it from an insecure OS. This anal protectiveness is inconsistent with the flexibility needed in an imperfect world where stuff breaks.
Seems like an understatement to me :-) Explaining to every CEO left standing that one company may have access to all their business data because Congress wants to make TCPA a law could be a very powerful lobby.
So there are solutions, but they will add complexity and cost. At the same time they do add genuine security and value. Each application and market will have to find its own balance of the costs and benefits.
Yeah baby, tell them CEOs their costs are going up. That'll definitely help TCPA die quickly. Especially nowadays.

Patience, persistence, truth,
Dr. mike