Challenge to David Wagner on TCPA

Jay Sulzberger jays at panix.com
Fri Aug 2 16:27:09 PDT 2002


On Fri, 2 Aug 2002, Trei, Peter wrote:

> > AARG! Anonymous[SMTP:remailer at aarg.net] writes
> 	[...]
> > Now, there is an optional function which does use the manufacturer's key,
> > but it is intended only to be used rarely.  That is for when you need to
> > transfer your sealed data from one machine to another (either because you
> > have bought a new machine, or because your old one crashed).  In this
> > case you go through a complicated procedure that includes encrypting
> > some data to the TPME key (the TPM manufacturer's key) and sending it
> > to the manufacturer, who massages the data such that it can be loaded
> > into the new machine's TPM chip.
> >
> > So this function does require pre-loading a manufacturer key into the
> > TPM, but first, it is optional, and second, it frankly appears to be so
> > cumbersome that it is questionable whether manufacturers will want to
> > get involved with it.  OTOH it is apparently the only way to recover
> > if your system crashes.  This may indicate that TCPA is not feasible,
> > because there is too much risk of losing locked data on a machine crash,
> > and the recovery procedure is too cumbersome.  That would be a valid
> > basis on which to criticize TCPA, but it doesn't change the fact that
> > many of the other claims which have been made about it are not correct.
> [...]
>
> While I reserve the right to respond to the rest of the poster's letter,
> I'd like to call out this snippet, which gives a very good reason
> for both corporate and individual users to avoid TCPA as if it were
> weaponized anthrax (Hi NSA!).
> ...
> OK, It's 2004, I'm an IT Admin, and I've converted my corporation
> over to TCPA/Palladium machines. My Head of Marketing has his
> TCPA/Palladium desktop's hard drive jam-packed with corporate
> confidential documents he's been actively working on - sales
> projections,  product plans, pricing schemes. They're all sealed files.
>
> His machine crashes - the MB burns out.
> He wants to recover the data.
>
> HoM: 	I want to recover my data.
> Me: 	OK: We'll pull the HD, and get the data off it.
> HoM:	Good - mount it as a secondary HD in my new system.
> Me:	That isn't going to work now we have TCPA and Palladium.
> HoM:	Well, what do you have to do?
> Me:	Oh, it's simple. We encrypt the data under Intel's TPME key,
> 	and send it off to Intel. Since Intel has all the keys, they can
> 	unseal all your data to plaintext, copy it, and then re-seal it for
> 	your new system. It only costs $1/Mb.
> HoM:	Let me get this straight - the only way to recover this data is to
> 	let Intel have a copy, AND pay them for it?
> Me:	Um... Yes. I think MS might be involved as well, if you were using
> 	Word.
> HoM:	You are *so* dead.
>
> ---------------------------
>
> Peter Trei

I think that many managers in this situation would feel reassured that both
Intel and Microsoft would be handling these sensitive documents.  Else why
do lawyers use Microsoft systems to send unencrypted documents between
offices?

ad technicalities: Just one more level of indirection^Wencryption would
answer the objections of those few managers of exquisite sensibilities, who
worry about Intel/Microsoft reading their documents.

oo--JS.
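The recovery procedure quoted above (seal under a per-chip key, then on a crash re-encrypt the content to the manufacturer's TPME key and let the manufacturer re-seal it for the new chip) and the "one more level of encryption" remedy, modelled as an added example; this is not code from any poster and not the real TPM interface. The HMAC-based stream cipher, the symmetric stand-in for the TPME key, and the names ToyTPM and Manufacturer are simplifications for illustration.

```python
import hashlib
import hmac
import secrets


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR with an HMAC-SHA256 counter keystream (illustration only)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


class ToyTPM:
    """Assumed stand-in for a TPM: a unique root key that never leaves the chip."""

    def __init__(self) -> None:
        self.root_key = secrets.token_bytes(32)

    def seal(self, data: bytes) -> bytes:
        return keystream_xor(self.root_key, data)

    def unseal(self, blob: bytes) -> bytes:
        return keystream_xor(self.root_key, blob)

    def export_for_migration(self, blob: bytes, tpme_key: bytes) -> bytes:
        # The chip unseals internally and re-encrypts to the manufacturer's key,
        # so the package that leaves the machine is readable only by the manufacturer.
        return keystream_xor(tpme_key, self.unseal(blob))


class Manufacturer:
    """Assumed model of the TPME role: the only party able to open a migration package."""

    def __init__(self) -> None:
        self.tpme_key = secrets.token_bytes(32)   # symmetric stand-in for the TPME key
        self.observed = []                        # everything it gets to see in the clear

    def migrate(self, package: bytes, new_tpm: ToyTPM) -> bytes:
        content = keystream_xor(self.tpme_key, package)
        self.observed.append(content)
        return new_tpm.seal(content)              # handed to the new chip, sealed under its key


def migrate(document: bytes, user_key: bytes = b"") -> tuple:
    """One crash-recovery migration; returns (recovered document, what the manufacturer saw).
    With a user_key the document is encrypted before sealing, so only ciphertext is migrated."""
    old, new, mfr = ToyTPM(), ToyTPM(), Manufacturer()
    payload = keystream_xor(user_key, document) if user_key else document
    new_blob = mfr.migrate(old.export_for_migration(old.seal(payload), mfr.tpme_key), new)
    recovered = new.unseal(new_blob)
    return (keystream_xor(user_key, recovered) if user_key else recovered), mfr.observed[-1]
```

Run `migrate(doc)` and `migrate(doc, key)` side by side: both recover the document on the new chip, but only the second keeps the manufacturer from seeing it.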
