Challenge to David Wagner on TCPA

Mike Rosing eresrch at eskimo.com
Fri Aug 2 21:10:32 PDT 2002


On Fri, 2 Aug 2002, AARG! Anonymous wrote:

> You don't have to send your data to Intel, just a master storage key.
> This key encrypts the other keys which encrypt your data.  Normally this
> master key never leaves your TPM, but there is this optional feature
> where it can be backed up, encrypted to the manufacturer's public key,
> for recovery purposes.  I think it is also in blinded form.

In other words, the manufacturer has access to all your data because
they have the master storage key.

Why would everyone want to give one manufacturer that much power?

Or am I missing something...

> You communicate with the manufacturer, give him this recovery blob, along
> with the old TPM key and the key to your new TPM in the new machine.
> The manufacturer decrypts the blob and re-encrypts it to the TPM in the

and stores the blob in a safe place for future use.

> The manufacturer sends the data back to you and you load it into the TPM
> in your new machine, which decrypts it and stores the master storage key.
> Now it can read your old data.

and so can everyone else who visits the manufacturer's database.

> I think this recovery business is a real Achilles heel of the TCPA
> and Palladium proposals.  They are paranoid about leaking sealed data,
> because the whole point is to protect it.  So they can't let you freely
> copy it to new machines, or decrypt it from an insecure OS.  This anal
> protectiveness is inconsistent with the flexibility needed in an imperfect
> world where stuff breaks.

Seems like an understatement to me :-)  Explaining to every CEO left
standing that one company may have access to all their business data
because Congress wants to make TCPA a law could be a very powerful lobby.

> So there are solutions, but they will add complexity and cost.  At the
> same time they do add genuine security and value.  Each application and
> market will have to find its own balance of the costs and benefits.

Yeah baby, tell them CEOs their costs are going up.  That'll definitely
help TCPA die quickly.  Especially nowadays.

Patience, persistence, truth,
Dr. mike




