Other uses of TCPA
Nomen Nescio
nobody at dizum.com
Sat Aug 3 11:10:03 PDT 2002
James Donald writes:
> I can only see one application for voluntary TCPA, and that is the
> application it was designed to perform: Make it possible run
> software or content which is encrypted so that it will only run on
> one computer for one time period.
You've said this a few times, and while it is a plausible goal of the
designers, I don't actually see this specific capability in the TCPA spec,
nor is it mentioned in the Palladium white paper.
For TCPA, you'd have to have the software as a blob which is encrypted
to some key that is locked in the TPM. But the problem is that the
endorsement key is never leaked except to the Privacy CA, so the content
provider can't encrypt to that key. Then there are Identity keys which
are short-term generated keys that get signed by the Privacy CA, but
these are primarily used to prove that you are running a TCPA system.
I'm not even sure if they are decryption keys. In any case they are
supposed to be relatively transient. You get a new one each time you go
online so that your web activities are not linkable. So I don't think
Identity keys would be very suitable for locking software too, either.
I admit that it would be unlikely for Microsoft to go to all the trouble
of creating Palladium, without using it to solve its own severe software
piracy problems. So I certainly wouldn't be surprised to see some way
of achieving what you are talking about. But it is not mentioned in the
white paper, and TCPA doesn't seem to support it very well. If it was,
as you say, "the application it was designed to perform," this fact is
far from apparent in the design documents.
More information about the cypherpunks-legacy
mailing list