Adam Back writes a very thorough analysis of possible consequences of the amazing power of the TCPA/Palladium model. He is clearly beginning to "get it" as far as what this is capable of. There is far more to this technology than simple DRM applications. In fact Adam has a great idea for how this could finally enable selling idle CPU cycles while protecting crucial and sensitive business data. By itself this could be a "killer app" for TCPA/Palladium. And once more people start thinking about how to exploit the potential, there will be no end to the possible applications. Of course his analysis is spoiled by an underlying paranoia. So let me ask just one question. How exactly is subversion of the TPM a greater threat than subversion of your PC hardware today? How do you know that Intel or AMD don't already have back doors in their processors that the NSA and other parties can exploit? Or that Microsoft doesn't have similar backdoors in its OS? And similarly for all the other software and hardware components that make up a PC today? In other words, is this really a new threat? Or are you unfairly blaming TCPA for a problem which has always existed and always will exist?
On Fri, 9 Aug 2002, AARG! Anonymous wrote:
Of course his analysis is spoiled by an underlying paranoia. So let me ask just one question. How exactly is subversion of the TPM a greater threat than subversion of your PC hardware today? How do you know that Intel or AMD don't already have back doors in their processors that the NSA and other parties can exploit? Or that Microsoft doesn't have similar backdoors in its OS? And similarly for all the other software and hardware components that make up a PC today?
In other words, is this really a new threat? Or are you unfairly blaming TCPA for a problem which has always existed and always will exist?
The difference is that *anyone* can see what goes on inside an Intel or AMD processor. Only the key holder of the TPM can see inside the "protected" code space. You can't put back doors into the code now because the code is visible to all users. The purpose of crypto is to hide information even tho the attacker can see all the machinery work. If you don't want to have the machinery visible, then use a sealed system (like smart card). Patience, persistence, truth, Dr. mike
participants (2)
-
AARG! Anonymous
-
Mike Rosing