Challenge to David Wagner on TCPA

rsedc at atlantic.gse.rmit.edu.au rsedc at atlantic.gse.rmit.edu.au
Fri Aug 2 00:35:41 PDT 2002 

On Mon, Jul 29, 2002 at 03:35:32PM -0700, AARG! Anonymous wrote:
> Declan McCullagh writes at
> http://zdnet.com.com/2100-1107-946890.html:
> 
>    "The world is moving toward closed digital rights management systems
>    where you may need approval to run programs," says David Wagner,
>    an assistant professor of computer science at the University of
>    California at Berkeley.  "Both Palladium and TCPA incorporate features
>    that would restrict what applications you could run."
> 
> But both Palladium and TCPA deny that they are designed to restrict what
> applications you run.  The TPM FAQ at
> http://www.trustedcomputing.org/docs/TPM_QA_071802.pdf reads, in
> answer #1:
> 
> : The TPM can store measurements of components of the user's system, but
> : the TPM is a passive device and doesn't decide what software can or
> : can't run on a user's system.
> 
> An apparently legitimate but leaked Palladium White Paper at
> http://www.neowin.net/staff/users/Voodoo/Palladium_White_Paper_final.pdf
> says, on the page shown as number 2:
> 
> : A Palladium-enhanced computer must continue to run any existing
> : applications and device drivers.

<snip/>

> Can you find anything in this spec that would do what David Wagner says
> above, restrict what applications you could run?  Despite studying this
> spec for many hours, no such feature has been found.
> 
> So here is the challenge to David Wagner, a well known and justifiably
> respected computer security expert: find language in the TCPA spec to
> back up your claim above, that TCPA will restrict what applications
> you can run.  Either that, or withdraw the claim, and try to get Declan
> McCullagh to issue a correction.  (Good luck with that!)

'Applications' as used in Wagner's statement can be actions
or computer programs to accomplish the desired tasks for the
users/owners.

>From Webster's Revised Unabridged Dictionary (1913) [web1913]:

  Application \Ap`pli*ca"tion\, n. [L. applicatio, fr. applicare:
     cf. F. application. See {Apply}.]

     3. The act of applying as a means; the employment of means to
        accomplish an end; specific use.

>From WordNet (r) 1.7 [wn]:

     3: a program that gives a computer instructions that provide
        the user with tools to accomplish a task;

Both involve using the term 'accomplish'.
Whereas from WordNet (r) 1.7 [wn]:

  software
       n : (computer science) written programs or procedures or rules
           and associated documentation pertaining to the operation
           of a computer system and that are stored in read/write
           memory;

As you can see, 'application' differs from 'software' in that an
'application' needs to 'accomplish' the desired tasks.

If as you said later,

On Thu, Aug 01, 2002 at 04:45:15PM -0700, AARG! Anonymous wrote:
> But no, the TCPA does allow all software to run.  Just because a remote
> system can decide whether to send it some data doesn't mean that software
> can't run.  And just because some data may be inaccessible because it
> was sealed when another OS was booted, also doesnt mean that software
> can't run.
> 
> I think we agree on the facts, here.  All software can run, but the TCPA
> allows software to prove its hash to remote parties, and to encrypt data
> such that it can't be decrypted by other software.  Would you agree that
> this is an accurate summary of the functionality, and not misleading?

that the desired tasks cannot be accomplished, then the software might run
but the 'application' does not.

Note the TPM FAQ quoted is correct in using the term 'software' but that
is not the term used by Wagner. The sentence where the term 'application'
is used in the alleged Palladium White Paper might appear to be self
contraditory.

Therefore I do not think that Wagner needs to withdraw his claim.


David Chia
--
What do you call a boomerang that does not come back?  A Stick.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the cypherpunks-legacy mailing list