Eugen* Leitl <a href="http://leitl.org">leitl</a> writes:

The passphrase locking idear won't fly, but a biometrics-lockable wallet could. Isn't part of Pd envelope goal establishing a tamper-proof compartment? We know Pd is evil, but once hardware support is everywhere, one can as well use it for something positive, for a change.

Well, you're preaching to the choir now, son. Of course, it's a choir of one, but c'est la vie. The idea of finding good uses for Trusted Computing has not exactly been gushingly popular around here. In fact, you yourself have been one of the harshest critics of its pseudonymous proponent ("intelligent idiot" sound familiar?). The problem with Palladium as a solution to spam is first, that it is many years away, being part of the Longhorn OS release. The latest official estimates are 2006, rumors are that 2007 is the internal date, and whispers of 2008 exist. Then, it will take years before such systems become widely enough used that spammers can no longer find pre-Palladium systems to serve as a basis for attacks. We're probably talking 2011 at the earliest. We'll need adequate solutions to spam long before then. Secondly, you could use Palladium to arrange that it was impossible to send mail from your computer except via human interaction with your authorized email program. You'd have to set your outgoing mail server to require a password (such auth systems are already in widespread use) and you'd use Pd to lock up the password so that only the mail client could get at it (using the application-specific sealed storage feature). The user wouldn't have to type the password, in fact he wouldn't even have to know there was a password, but he'd have to click the send button himself. (Secure user I/O paths are a Palladium feature.) However, in doing this you give up the ability for ANY other program to send email, at least without the user jumping through a lot of hoops to authorize it. Maybe that's an inherently necessary feature, but there are arguably some "good" programs which can usefully send email, and you'll be tossing out those babies with the spam bathwater. Bye bye MAPI. Further, there's always the risk that the email program itself will be buggy and be able to be tricked into sending something without user authorization. Fortunately, the number of such bugs is likely to be few and confined to just one program, so those can probably be fixed relatively quickly. In short, Trusted Computing could in theory make a computer much more resistant to being used to send spam. It could still be taken over, but the malware wouldn't be able to get to the password necessary for sending mail. You'd need some help from the ISP to require the password and possibly block attempts to use remote mail servers. Of course, if the ISP is this clueful and cooperative, you'd think maybe it could stop you from sending a zillion messages per hour in the first place. The big problem is that TC is many years away. But now that you know how good it will be, I hope you will join me in my never ending battle to bring some perspective to the one-sided "debate" over this technology. There are good uses of TC, and maybe if people weren't so determined to oppose it with their last breath, we might see the technology becoming available a little sooner.