
I haven't read the TCPA detailed spec yet (next on TCPA/Palladium list of reading material), but this bit I can infer I think:
> :Mike Rosing wrote:
> :> Who owns PRIVEK? Who controls PRIVEK? That's who owns TCPA.
> :
> :PRIVEK, the TPM's private key, is generated on-chip. It never leaves
> :the chip. No one ever learns its value. Given this fact, who would
> :you say owns and controls it?
>
> OK, so why can't any joe hacker create their own PRIVEK? _nobody_ knows its value? Then how can anyone know if a chip is "real" or "imitation"? What happens when the motherboard dies again? PRIVEK was copied out of the chip to some "fob", right? I thought you said the manufacturer put the keys in at the factory.
The corresponding public key is certified by the secure hardware manufacturer, I think. Then they have this privacy CA which accepts requests signed by the platform's signature key, and gives in return a certified pseudonym of the user's choice. They claim this gives privacy, which it only does if you trust the "privacy CA" -- the privacy CA can link all of your anonymous and pseudonymous credentials. (Anonymous may want to straighten out the different key names -- I think there are some encryption, some signature, some sealing keys derived from other secret keys and the checksum of the application and OS / firmware etc.)

Brands' digital credentials could be used to fix this sub-problem I think.

They put in the privacy CA thing as a defense against the PR problems Intel had with the Pentium serial number. The FAQs at www.trustedpc.org talk about this, arguing how this is better than the Pentium serial number at avoiding linkability.

The documentation problem I find is there isn't much documentation available which is technical, except for the 330 page spec which drops right down to implementation details in RFC standards style.

Adam
--
http://www.cypherspace.org/adam/
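The flow Adam describes (the manufacturer certifies only the public half of an on-chip EK, the privacy CA issues pseudonym credentials on EK-signed requests and refuses uncertified chips, and the CA's own records link every pseudonym back to the platform) as an added Go sketch; this is not code from the thread or from the TCPA spec, and Ed25519 with bare signatures over raw public keys stands in for the real key types and credential formats.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
)

// Platform models a TCPA TPM: PRIVEK is generated on-chip and never leaves it.
type Platform struct {
	PubEK  ed25519.PublicKey
	privEK ed25519.PrivateKey // unexported: nothing outside the "chip" can read it
	Cred   []byte             // manufacturer's signature over PubEK (endorsement credential)
}
// NewPlatform generates the EK on-chip; the manufacturer only ever sees and certifies the public half.
func NewPlatform(mfrPriv ed25519.PrivateKey) *Platform {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return &Platform{PubEK: pub, privEK: priv, Cred: ed25519.Sign(mfrPriv, pub)}
}

// RequestPseudonym picks a fresh pseudonym key of the user's choice and signs it with PRIVEK.
func (p *Platform) RequestPseudonym() (pseudo ed25519.PublicKey, req []byte) {
	pseudo, _, _ = ed25519.GenerateKey(rand.Reader) // the private half stays with the platform (omitted here)
	return pseudo, ed25519.Sign(p.privEK, pseudo)
}

// PrivacyCA certifies pseudonyms, but its own log maps every pseudonym back to the issuing EK.
type PrivacyCA struct {
	mfrPub, Pub ed25519.PublicKey
	priv        ed25519.PrivateKey
	log         map[string]ed25519.PublicKey // pseudonym -> EK: the linking record
}
func NewPrivacyCA(mfrPub ed25519.PublicKey) *PrivacyCA {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return &PrivacyCA{mfrPub: mfrPub, Pub: pub, priv: priv, log: map[string]ed25519.PublicKey{}}
}
// Issue refuses uncertified ("imitation") EKs and requests not signed by the EK, logs the link, certifies the pseudonym.
func (ca *PrivacyCA) Issue(pubEK ed25519.PublicKey, cred, pseudo, req []byte) (pseudoCred []byte, ok bool) {
	if !ed25519.Verify(ca.mfrPub, pubEK, cred) || !ed25519.Verify(pubEK, pseudo, req) {
		return nil, false
	}
	ca.log[string(pseudo)] = pubEK
	return ed25519.Sign(ca.priv, pseudo), true
}

// Linked answers what a relying party holding only the credentials cannot: do a and b share one platform?
func (ca *PrivacyCA) Linked(a, b ed25519.PublicKey) bool {
	ea, okA := ca.log[string(a)]
	eb, okB := ca.log[string(b)]
	return okA && okB && ea.Equal(eb)
}
```

A relying party checks a pseudonym credential against ca.Pub alone and learns nothing about PubEK; only the CA's log can answer Linked, which is exactly the trust Adam's post says the scheme requires.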