Challenge to David Wagner on TCPA
Declan McCullagh writes at http://zdnet.com.com/2100-1107-946890.html: "The world is moving toward closed digital rights management systems where you may need approval to run programs," says David Wagner, an assistant professor of computer science at the University of California at Berkeley. "Both Palladium and TCPA incorporate features that would restrict what applications you could run." But both Palladium and TCPA deny that they are designed to restrict what applications you run. The TPM FAQ at http://www.trustedcomputing.org/docs/TPM_QA_071802.pdf reads, in answer #1: : The TPM can store measurements of components of the user's system, but : the TPM is a passive device and doesn't decide what software can or : can't run on a user's system. An apparently legitimate but leaked Palladium White Paper at http://www.neowin.net/staff/users/Voodoo/Palladium_White_Paper_final.pdf says, on the page shown as number 2: : A Palladium-enhanced computer must continue to run any existing : applications and device drivers. and goes on, : In addition, Palladium does not change what can be programmed or run : on the computing platform; it simply changes what can be believed about : programs, and the durability of those beliefs. Of course, white papers and FAQs are not technical documents and may not be completely accurate. To really answer the question, we need to look at the spec. Unfortunately there is no Palladium spec publicly available yet, but we do have one for TCPA, at http://www.trustedcomputing.org/docs/main%20v1_1b.pdf. Can you find anything in this spec that would do what David Wagner says above, restrict what applications you could run? Despite studying this spec for many hours, no such feature has been found. So here is the challenge to David Wagner, a well known and justifiably respected computer security expert: find language in the TCPA spec to back up your claim above, that TCPA will restrict what applications you can run. Either that, or withdraw the claim, and try to get Declan McCullagh to issue a correction. (Good luck with that!) And if you want, you can get Ross Anderson to help you. His reports are full of claims about Palladium and TCPA which seem equally unsupported by the facts. When pressed, he claims secret knowledge. Hopefully David Wagner will have too much self-respect to fall back on such a convenient excuse.
-- On 29 Jul 2002 at 15:35, AARG! Anonymous wrote:
both Palladium and TCPA deny that they are designed to restrict what applications you run. The TPM FAQ at http://www.trustedcomputing.org/docs/TPM_QA_071802.pdf reads ....
They deny that intent, but physically they have that capability. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG ElmZA5NX6jAmhPu1EDT8Zl7D+IeQTSI/z1oo4lSn 2qoSIC6KSr2LFLWyxZEETG/27dEy3yOWEnRtXzHy9
On Wednesday, July 31, 2002, at 04:51 am, James A. Donald wrote:
On 29 Jul 2002 at 15:35, AARG! Anonymous wrote:
both Palladium and TCPA deny that they are designed to restrict what applications you run. The TPM FAQ at http://www.trustedcomputing.org/docs/TPM_QA_071802.pdf reads ....
They deny that intent, but physically they have that capability.
And all kitchen knives are murder weapons.
-- 29 Jul 2002 at 15:35, AARG! Anonymous wrote:
both Palladium and TCPA deny that they are designed to restrict what applications you run.
James A. Donald:
They deny that intent, but physically they have that capability.
On 31 Jul 2002 at 16:10, Nicko van Someren wrote:
And all kitchen knives are murder weapons.
No problem if I also have a kitchen knife. TCPA and Palladium give someone else super root privileges on my machine, and TAKE THOSE PRIVILEGES AWAY FROM ME. All claims that they will not do this are not claims that they will not do this, but are merely claims that the possessor of super root privilege on my machine is going to be a very very nice guy, unlike my wickedly piratical and incompetently trojan horse running self. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG XQHdtzqDInBFsDcorfDvqJYRHTRhEBsM9eMJIH+w 2+o4WjsTSV8RDUO7k3c71T9v9JQKwZGZC54BqW6DQ
On Tue, 30 Jul 2002, James A. Donald wrote:
--
On 29 Jul 2002 at 15:35, AARG! Anonymous wrote:
both Palladium and TCPA deny that they are designed to restrict what applications you run. The TPM FAQ at http://www.trustedcomputing.org/docs/TPM_QA_071802.pdf reads ....
They deny that intent, but physically they have that capability.
--digsig James A. Donald
If they do not restrict what programs I may run, then presumably, under TCPA, I might run a cracking program on an encrypted file I obtained via TCPA handshake+transmissal? The claims that TCPA, Palladium, etc. do not give root to the Englobulators is, on its face, ridiculous. Their main design criterion is to do so. oo--JS.
From: "James A. Donald" <jamesd@echeque.com> Date: Tue, 30 Jul 2002 20:51:24 -0700
On 29 Jul 2002 at 15:35, AARG! Anonymous wrote:
both Palladium and TCPA deny that they are designed to restrict what applications you run. The TPM FAQ at http://www.trustedcomputing.org/docs/TPM_QA_071802.pdf reads ....
They deny that intent, but physically they have that capability.
To make their denial credible, they could give the owner access to the private key of the TPM/SCP. But somehow I don't think that jibes with their agenda. If I buy a lock I expect that by demonstrating ownership I can get a replacement key or have a locksmith legally open it.
Ray wrote:
From: "James A. Donald" <jamesd@echeque.com> Date: Tue, 30 Jul 2002 20:51:24 -0700
On 29 Jul 2002 at 15:35, AARG! Anonymous wrote:
both Palladium and TCPA deny that they are designed to restrict what applications you run. The TPM FAQ at http://www.trustedcomputing.org/docs/TPM_QA_071802.pdf reads ....
They deny that intent, but physically they have that capability.
To make their denial credible, they could give the owner access to the private key of the TPM/SCP. But somehow I don't think that jibes with their agenda.
Probably not surprisingly to anybody on this list, with the exception of potentially Anonymous, according to the TCPA's own TPM Common Criteria Protection Profile, the TPM prevents the owner of a TPM from exporting the TPM's internal key. The ability of the TPM to keep the owner of a PC from reading the private key stored in the TPM has been evaluated to E3 (augmented). For the evaluation certificate issued by NIST, see: http://niap.nist.gov/cc-scheme/PPentries/CCEVS-020016-VR-TPM.pdf
If I buy a lock I expect that by demonstrating ownership I can get a replacement key or have a locksmith legally open it.
It appears the days when this was true are waning. At least in the PC platform domain. --Lucky --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
Lucky Green wrote:
Ray wrote:
From: "James A. Donald" <jamesd@echeque.com> Date: Tue, 30 Jul 2002 20:51:24 -0700
On 29 Jul 2002 at 15:35, AARG! Anonymous wrote:
both Palladium and TCPA deny that they are designed to restrict what applications you run. The TPM FAQ at http://www.trustedcomputing.org/docs/TPM_QA_071802.pdf reads ....
They deny that intent, but physically they have that capability.
To make their denial credible, they could give the owner access to the private key of the TPM/SCP. But somehow I don't think that jibes with their agenda.
Probably not surprisingly to anybody on this list, with the exception of potentially Anonymous, according to the TCPA's own TPM Common Criteria Protection Profile, the TPM prevents the owner of a TPM from exporting the TPM's internal key. The ability of the TPM to keep the owner of a PC from reading the private key stored in the TPM has been evaluated to E3 (augmented). For the evaluation certificate issued by NIST, see:
http://niap.nist.gov/cc-scheme/PPentries/CCEVS-020016-VR-TPM.pdf
Obviously revealing the key would defeat any useful properties of the TPM/SCP. However, unless the machine refuses to run stuff unless signed by some other key, its a matter of choice whether you run an OS that has the aforementioned properties. Of course, its highly likely that if you want to watch products of Da Mouse on your PC, you will be obliged to choose a certain OS. In order to avoid more sinister uses, it makes sense to me to ensure that at least one free OS gets appropriate signoff (and no, that does not include a Linux port by HP). At least, it makes sense to me if I assume that the certain other OS will otherwise become dominant. Which seems likely. Cheers, Ben. -- http://www.apache-ssl.org/ben.html http://www.thebunker.net/ Available for contract work. "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
I just want to point out that, as far as Palladium is concerned, we really don't care how the keys got onto the machine. Certain *applications* written on top of Palladium will probably care, but all the hardware & the security kernel really care about is making sure that secrets are only divulged to the code that had them encrypted in the first place. It's all a big trust management problem (or a series of trust management problems) -- applications that are going to rely on SCP keys to protect secrets for them are going to want some assurances about where the keys live and whether there's a copy outside the SCP. I can certainly envision potential applications that would want guarantees that the key was generated on the SCP & never left, and I can see other applications that want guarantees that the key has a copy sitting on another SCP on the other side of the building. So the complexity isn't in how the keys get initialized on the SCP (hey, it could be some crazy little hobbit named Mel who runs around to every machine and puts them in with a magic wand). The complexity is in the keying infrastructure and the set of signed statements (certificates, for lack of a better word) that convey information about how the keys were generated & stored. Those statements need to be able to represent to other applications what protocols were followed and precautions taken to protect the private key. Assuming that there's something like a cert chain here, the root of this chain chould be an OEM, an IHV, a user, a federal agency, your company, etc. Whatever that root is, the application that's going to divulge secrets to the SCP needs to be convinced that the key can be trusted (in the security sense) not to divulge data encrypted to it to third parties. Palladium needs to look at the hardware certificates and reliably tell (under user control) what they are. Anyone can decide if they trust the system based on the information given; Palladium simply guarantees that it won't tell anyone your secrets without your explicit request.. --bal P.S. I'm not sure that I actually *want* the ability to extract the private key from an SCP after it's been loaded, because presumably if I could ask for the private key then a third party doing a black-bag job on my PC could also ask for it. I think what I want is the ability to zeroize the SCP, remove all state stored within it, and cause new keys to be generated on-chip. So long as I can zero the chip whenever I want (or zero part of it, or whatever) I can eliminate the threat posed by the manufacturer who initialized the SCP in the first place. Lucky Green <shamrock@cypherpunks.to> wrote:
Ray wrote:
From: "James A. Donald" <jamesd@echeque.com> Date: Tue, 30 Jul 2002 20:51:24 -0700
On 29 Jul 2002 at 15:35, AARG! Anonymous wrote:
both Palladium and TCPA deny that they are designed to restrict what applications you run. The TPM FAQ at http://www.trustedcomputing.org/docs/TPM_QA_071802.pdf reads ....
They deny that intent, but physically they have that capability.
To make their denial credible, they could give the owner access to the private key of the TPM/SCP. But somehow I don't think that jibes with their agenda.
Probably not surprisingly to anybody on this list, with the exception of potentially Anonymous, according to the TCPA's own TPM Common Criteria Protection Profile, the TPM prevents the owner of a TPM from exporting the TPM's internal key. The ability of the TPM to keep the owner of a PC from reading the private key stored in the TPM has been evaluated to E3 (augmented). For the evaluation certificate issued by NIST, see:
http://niap.nist.gov/cc-scheme/PPentries/CCEVS-020016-VR-TPM.pdf
If I buy a lock I expect that by demonstrating ownership I can get a replacement key or have a locksmith legally open it.
It appears the days when this was true are waning. At least in the PC platform domain.
--Lucky
--------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
I imagine there's a world of difference between "will" and "would." -Declan On Mon, Jul 29, 2002 at 03:35:32PM -0700, AARG!Anonymous wrote:
Can you find anything in this spec that would do what David Wagner says above, restrict what applications you could run? Despite studying this spec for many hours, no such feature has been found.
So here is the challenge to David Wagner, a well known and justifiably respected computer security expert: find language in the TCPA spec to back up your claim above, that TCPA will restrict what applications you can run. Either that, or withdraw the claim, and try to get Declan McCullagh to issue a correction. (Good luck with that!)
And if you want, you can get Ross Anderson to help you. His reports are full of claims about Palladium and TCPA which seem equally unsupported by the facts. When pressed, he claims secret knowledge. Hopefully David Wagner will have too much self-respect to fall back on such a convenient excuse.
On Mon, Jul 29, 2002 at 03:35:32PM -0700, AARG! Anonymous wrote:
Declan McCullagh writes at http://zdnet.com.com/2100-1107-946890.html:
"The world is moving toward closed digital rights management systems where you may need approval to run programs," says David Wagner, an assistant professor of computer science at the University of California at Berkeley. "Both Palladium and TCPA incorporate features that would restrict what applications you could run."
But both Palladium and TCPA deny that they are designed to restrict what applications you run. The TPM FAQ at http://www.trustedcomputing.org/docs/TPM_QA_071802.pdf reads, in answer #1:
: The TPM can store measurements of components of the user's system, but : the TPM is a passive device and doesn't decide what software can or : can't run on a user's system.
An apparently legitimate but leaked Palladium White Paper at http://www.neowin.net/staff/users/Voodoo/Palladium_White_Paper_final.pdf says, on the page shown as number 2:
: A Palladium-enhanced computer must continue to run any existing : applications and device drivers.
<snip/>
Can you find anything in this spec that would do what David Wagner says above, restrict what applications you could run? Despite studying this spec for many hours, no such feature has been found.
So here is the challenge to David Wagner, a well known and justifiably respected computer security expert: find language in the TCPA spec to back up your claim above, that TCPA will restrict what applications you can run. Either that, or withdraw the claim, and try to get Declan McCullagh to issue a correction. (Good luck with that!)
'Applications' as used in Wagner's statement can be actions or computer programs to accomplish the desired tasks for the users/owners.
From Webster's Revised Unabridged Dictionary (1913) [web1913]:
Application \Ap`pli*ca"tion\, n. [L. applicatio, fr. applicare: cf. F. application. See {Apply}.] 3. The act of applying as a means; the employment of means to accomplish an end; specific use.
From WordNet (r) 1.7 [wn]:
3: a program that gives a computer instructions that provide the user with tools to accomplish a task; Both involve using the term 'accomplish'. Whereas from WordNet (r) 1.7 [wn]: software n : (computer science) written programs or procedures or rules and associated documentation pertaining to the operation of a computer system and that are stored in read/write memory; As you can see, 'application' differs from 'software' in that an 'application' needs to 'accomplish' the desired tasks. If as you said later, On Thu, Aug 01, 2002 at 04:45:15PM -0700, AARG! Anonymous wrote:
But no, the TCPA does allow all software to run. Just because a remote system can decide whether to send it some data doesn't mean that software can't run. And just because some data may be inaccessible because it was sealed when another OS was booted, also doesnt mean that software can't run.
I think we agree on the facts, here. All software can run, but the TCPA allows software to prove its hash to remote parties, and to encrypt data such that it can't be decrypted by other software. Would you agree that this is an accurate summary of the functionality, and not misleading?
that the desired tasks cannot be accomplished, then the software might run but the 'application' does not. Note the TPM FAQ quoted is correct in using the term 'software' but that is not the term used by Wagner. The sentence where the term 'application' is used in the alleged Palladium White Paper might appear to be self contraditory. Therefore I do not think that Wagner needs to withdraw his claim. David Chia -- What do you call a boomerang that does not come back? A Stick. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
participants (10)
-
AARG! Anonymous -
Ben Laurie -
Brian A. LaMacchia -
Declan McCullagh -
James A. Donald -
Jay Sulzberger -
Lucky Green -
Nicko van Someren -
R. Hirschfeld -
rsedc@atlantic.gse.rmit.edu.au