Other uses of TCPA

[AARG! Anonymous]

Eugen Leitl writes:

> On Sat, 3 Aug 2002, AARG! Anonymous wrote:
>
> > But you won't now say that TCPA is OK, will you?  You just learned
> > some information which objectively should make you feel less bad about
> > it, and yet you either don't feel that way, or you won't admit it.  I
> > am coming to doubt that people's feelings and beliefs about TCPA are
> > based on facts at all.  No matter how much I correct negative
> > misconceptions about these systems, no one will admit to having any
> > more positive feelings about it.
>
> Whoa there. Hold the horses. You're completely inverting the burden of
> proof here. You're *trusting* a preliminary spec fielded by *whom* again?
> Were you on the design team? Are you on implementers' team? Have you
> reverse engineered the function from tracing the structures on the die?  
> Will you continue doing this, sampling every batch being shipped?

I am judging the proposal on the basis of the spec.  I think that is the
correct way to do the analysis.  Then, you can extend your analysis on
the basis of ways you think the spec might change.  But surely the spec
ought to be a starting point for any judgement.  Otherwise there is no
factual basis for the analysis.

Yet no one here has said that now that they understand the spec better,
they don't think TCPA as specified would be as bad as they thought.
Some people, like James Donald and Ryan Lackey, have said that they
don't think TCPA would be all that bad if it weren't for government,
copyright laws, etc.  But no one has suggested that my many postings
have changed their opinion about TCPA in and of itself.

> Consider the source. It is bogged down with enough bad mana to last for
> centuries.

The Alliance consists of Compaq, Intel, IBM, HP, and Microsoft.
(Since then HP has bought Compaq.)  Even if you hate Microsoft, you
probably don't hate all of these companies, do you?

> Consider the motivations. They're certainly not there to
> enhance end user's privacy and anonymitity. In fact, one of the design
> specs must have been minimizing the latter as long as it not hurts the
> prime design incentives. These are all facts you won't find in the specs.

I think the spec directly contradicts this claim!  If they cared so little
about user privacy, why would they use an elaborate system with a Privacy
CA to make sure no user-identifiable information leaks onto the net?
Surely the simpler approach would be what James Donald suggested, to send
out the TPM's public key and let people use that.  But it is a per-user
identifier and so they went to great lengths to conceal it.

Furthermore, if their motivations were so bad, wouldn't it have been
better for them for TCPA to work the way most people assume, to only
load software which has been signed by some authority?  Instead they
are careful to let any software load, and to report its status to third
parties, so the third parties can make their own judgements about what
to trust.  Why do you think they did it like this, if they were so
determined to minimize the control of the end user?

> It boggles my mind I have to explain this, especially to a member of this 
> particular community. Are you really sure you're not a TCPA troll?

Who cares what I am?  It's facts that count!  I could be Satan Incarnate
and it wouldn't matter.  I am giving you facts about TCPA based on my
personal investment of time to study the system.  Tell me this: if you
care about this standard, why not get it and learn it yourself?  Not one
person here has done this!  Everyone prefers to believe falsehoods than
to learn the truth for themself.  Do you think that is a good strategy
for survival in a potentially hostile and dangerous world?

> If they manage to slip that particular toad into high volume production,
> hackers will of course use it, inasmuch possible thwarting the original
> intent. But you seem to ask for blanket endorsement based merely on spec,
> which is a rather tall order.

All I am really asking for is someone to acknowledge that I have provided
information to them which makes them see TCPA as less dangerous and
damaging than they had thought based on the false information which has
been circulating.  I don't see how anyone can deny this.  The caricature
of TCPA that most people believe is very bad.  The truth is not so bad.
Logically, you *have* to believe that TCPA is not as bad as you thought,
when you are provided with the truth.

Let me ask you, Eugen: isn't a TCPA which is open, which will run all
software, which does not prevent any software from running, better than
a TCPA which will only run signed software?  I know you are a person who
is willing to think for himself and defy the conventional wisdom.  Please
respond to this message and explain to me how this logic strikes you.