Don Marti writes:

Wednesday night: Seth Schoen fixes TCPA, saves Freedom: http://www.sdforum.org/p/calEvent.asp?CID=1182

Sorry that didn't happen. And I still haven't fixed TCPA. Intel has posted its Policy Statement on LaGrande Technology: ftp://download.intel.com/technology/security/downloads/LT_policy_statement_0_ 8.pdf LaGrande is in the interstices between TCG and NGSCB. TCG has not specified a secure I/O path or "curtained memory" as required by NGSCB. LaGrande does, so it effectively provides the complete hardware support NGSCB would need. (AMD has a similar project called SEM, which I know very little about other than that it is supposed to do similar things and at least one of the people working on it is exceptionally honest.) Anyway, Intel wants your comments on the LT policy. The thing that jumps out at me (as the author of "Trusted Computing: Promise and Risk") is that Intel thinks that opt-out or opt-in can solve the problems of attestation. This is the official view of a lot of trusted computing proponents. The defects of this view are difficult to describe and are complicated by the fact that some trusted computing critics don't believe that LT (or TCG or NGSCB) will actually provide an opt-out. (I do believe this.) The root of the difficulty is that, in the nature of attestation, you can be _punished_ for opting out (beyond the scope of simply not enjoying particular features to which what you opted out of is technically necessary). For example, if you have a feature with privacy implications like What's Related in browsers, you can opt of using What's Related and the only penalty will be that you won't see what's related to the sites you're looking at. Or if you don't like Microsoft's software updates, you can opt out of those and the only penalty will be that your software won't be patched. (This is actually a somewhat thorny issue since no other sources of patches to Microsoft software have so far arisen.) But in most other cases with which we're familiar, opting out has a relatively narrow effect, and there is fairly little leverage to punish you for having done so. At least, that's true of opt-out features in the context of technology choices; it might not be true in some off-line situations. In the nature of attestation and its effect on interoperability, though, opting out of attestation might be ruinous for your hopes of communicating with others. If they can be induced to use proprietary protocols or file formats, opting out may lead to a permanent inability to exchange data with them. Opting in, by the same token, could lead to a permanent loss of software choice (and the effective inability to reverse engineer or repair your software) at least during the particular periods of time when you want to communicate with other people or manipulate what they sent you. Opt-in can't undo the harmful network effects attestation will produce for competition and for all computer owners. Anyway, that's what I plan to tell Intel, in somewhat more detail, sometime before December 31. And remember: [T]rusted computing systems fundamentally alter trust relationships. Legitimate concerns about trusted computing are not limited to one area, such as consumer privacy or copyright issues. -- Seth David Schoen <schoen@loyalty.org> | Very frankly, I am opposed to people http://www.loyalty.org/~schoen/ | being programmed by others. http://vitanuova.loyalty.org/ | -- Fred Rogers (1928-2003), | 464 U.S. 417, 445 (1984) _______________________________________________ linux-elitists http://zgp.org/mailman/listinfo/linux-elitists ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> ______________________________________________________________ ICBM: 48.07078, 11.61144 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 0.97c removed an attachment of type application/pgp-signature]