Palladium: Microsoft Bets the Company
I have to admit I couldn't understand why, earlier this year, Bill Gates declared that security would be a key element of future Microsoft products. Now it looks like an innovative way to try to dominate the industry again. This is a 'bet the company' strategy. Traditionally Microsoft has pushed third-party flexibility and programmability (subordinated to their own products, of course) over anything else. This allowed them to promote new sales and upgrades based on improved features. By moving to security, however, Microsoft must move away from flexibility. This is risky. Consider a quick history lesson: Why did the Wintel PC prevail over the Mac in the computing community? Answer: economy and flexibility. Question: What do you give up when you implement a hermetically sealed system as is proposed by TCPA and Microsoft's Palladium? Answer: economy and flexibility. Complicated cryptosystems are troublesome beasts. This is probably the main reason PKI is "mostly dead" instead of being the foundation of modern infosec. It's time consuming to get all the keys and permissions in the right places, and it costs money to keep all those bits of the infrastructure working. Remember: to make this work, the TCPA and Palladium people have to operate a bureaucracy to issue certificates, validate software, and do background checks. That drives up costs and it's really hard to do this efficiently. Moreover, hermetically sealed systems like this aren't robust -- they trade off reliability for the protection of the 'protected material.' Things break when you don't expect them to, like the 9/11 recovery workers who had to abandon Windows XP when it died after failing to be properly registered. Your PC crashes more, but you get to watch "Bambi." Gosh. Given that, most people will try to use non-TCPA computers whenever a PC isn't intended as an entertainment nexus. This turns the TCPA/Palladium machines into glorified set-top boxes and perhaps a 21st century Divix. The only hope for TCPA and Palladium is for Congress to outlaw normal computers. Frankly, if grassroots computer users lose that battle, we deserve what we get. And we'd end up with the 21st century version of Prohibition in which people smuggle in large-screen monitors and unfettered motherboards instead of bathtub gin. Rick. smith@securecomputing.com roseville, minnesota "Authentication" in bookstores http://www.smat.us/crypto/
participants (1)
-
Rick Smith at Secure Computing