I'm resending this because I never saw it appear on the
cypherpunks@lne.com mailing list. Apologies if it has
already been through and I just missed it.
-kevin wall
-----Original Message-----
From: Wall, Kevin
Sent: Friday, August 02, 2002 1:27 AM
To: 'ericm@lne.com '; 'cypherpunks@lne.com ';
'cryptography@wasabisystems.com '; 'ptrei@rsasecurity.com'
Subject: RE: Challenge to David Wagner on TCPA
Mr AARG! writes...

> Eric Murray writes:
> > Yes, the spec says that it can be turned off. At that point you
> > can run anything that doesn't need any of the protected data or
> > other TCPA services. But, why would a software vendor that wants
> > the protection that TCPA provides allow his software to run
> > without TCPA as well, abandoning those protections?
>
> That's true; in fact if you ran it earlier under TCPA and sealed some
> data, you will have to run under TCPA to unseal it later. The question
> is whether the advantages of running under TCPA (potentially greater
> security) outweigh the disadvantages (greater potential for loss of
> data, less flexibility, etc.).
and in another reply to Peter Trei, Mr. AARG! also writes...

> Now, there is an optional function which does use the manufacturer's key,
> but it is intended only to be used rarely. That is for when you need to
> transfer your sealed data from one machine to another (either because you
> have bought a new machine, or because your old one crashed). In this
> case you go through a complicated procedure that includes encrypting
> some data to the TPME key (the TPM manufacturer's key) and sending it
> to the manufacturer, who massages the data such that it can be loaded
> into the new machine's TPM chip.
>
> So this function does require pre-loading a manufacturer key into the
> TPM, but first, it is optional, and second, it frankly appears to be so
> cumbersome that it is questionable whether manufacturers will want to
> get involved with it. OTOH it is apparently the only way to recover
> if your system crashes. This may indicate that TCPA is not feasible,
> because there is too much risk of losing locked data on a machine crash,
> and the recovery procedure is too cumbersome. That would be a valid
> basis on which to criticize TCPA, but it doesn't change the fact that
> many of the other claims which have been made about it are not correct.
Correct me if I'm wrong (I'm sure you all will :), but wouldn't you also
have to possibly go through this exercise with the TPME key and sending
your system to the manufacturer when you wanted to, say, upgrade your
operating system or switch to a completely different OS? That will go
over like a lead balloon. (Gee... must be getting late. I almost wrote
"like a bag of dirt". Duh! Can't even remember cliches at my age.)
-kevin wall
P.S.- Please excuse the sh*t formatting. We use Lookout! and MS Exstrange
where I work.
---
Kevin W. Wall Qwest Information Technology, Inc.
Kevin.Wall@qwest.com Phone: 614.932.5542
"Wipe Info uses hexadecimal values to wipe files. This provides more
security than wiping with decimal values."
-- Norton System Works 2002 manual, pg 160
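The seal-then-unseal dependency discussed in this thread (data sealed under one platform state can only be unsealed under the same state, so an OS upgrade or crash leaves the data locked) worked through as an added example; this is not code from the thread or from the TCPA specification, just a toy Python model of sealing bound to measured boot state. The register extend step follows the TPM 1.x rule (SHA-1 of the old register value concatenated with the new measurement). The storage-root key `srk`, the boot component list and the HMAC-based encryption are constructed stand-ins for what a real chip does with keys that never leave the TPM.

```python
import hashlib
import hmac
import os

# Toy model of TPM-style "sealing" to platform configuration registers (PCRs).
# Constructed for illustration only; a real TPM seals under an RSA storage key
# held inside the chip and this stand-in cipher is not the TCPA algorithm.

PCR_INITIAL = b"\x00" * 20  # TPM 1.x PCRs are 20-byte SHA-1 registers


def extend_pcr(pcr: bytes, measurement: bytes) -> bytes:
    """TPM 1.x extend: new = SHA-1(old || SHA-1(measurement))."""
    return hashlib.sha1(pcr + hashlib.sha1(measurement).digest()).digest()


def measure_boot(components) -> bytes:
    """Extend a PCR with each boot component in order (BIOS, loader, OS ...)."""
    pcr = PCR_INITIAL
    for component in components:
        pcr = extend_pcr(pcr, component)
    return pcr


def _keystream(key: bytes, nonce: bytes, length: bytes) -> bytes:
    # HMAC in counter mode as a stand-in stream cipher (constructed, not TPM's).
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(srk: bytes, pcr: bytes, plaintext: bytes) -> dict:
    """Seal plaintext so it only unseals when the platform's PCR matches."""
    key = hashlib.sha256(srk + pcr).digest()      # key bound to platform state
    nonce = os.urandom(16)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, pcr + nonce + ciphertext, hashlib.sha256).digest()
    return {"pcr": pcr, "nonce": nonce, "ct": ciphertext, "tag": tag}


def unseal(srk: bytes, current_pcr: bytes, blob: dict):
    """Return the plaintext, or None if the platform state or key differs."""
    if blob["pcr"] != current_pcr:
        return None  # boot chain changed (e.g. OS upgrade): data stays locked
    key = hashlib.sha256(srk + current_pcr).digest()
    expected = hmac.new(key, blob["pcr"] + blob["nonce"] + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        return None  # different chip (different SRK) or tampered blob
    return bytes(c ^ k for c, k in zip(blob["ct"], _keystream(key, blob["nonce"], len(blob["ct"]))))


if __name__ == "__main__":
    srk = b"constructed-storage-root-key"
    old_boot = measure_boot([b"bios-v1", b"bootloader", b"os-2002"])
    blob = seal(srk, old_boot, b"sealed secret")
    print("same platform:", unseal(srk, old_boot, blob))
    new_boot = measure_boot([b"bios-v1", b"bootloader", b"os-upgraded"])
    print("after OS upgrade:", unseal(srk, new_boot, blob))
```

Running it shows the first unseal returning the secret and the second returning None: nothing in the blob is recoverable once the measured OS differs, which is the data-loss risk the thread is weighing against the protection sealing provides. Migration to another chip (the TPME-key procedure quoted above) is not modelled here; in this toy it would amount to re-sealing under the new chip's `srk`, which only the holder of the old `srk` can do.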