Other uses of TCPA

[Mike Rosing]

On Sun, 4 Aug 2002, AARG! Anonymous wrote:

> Eugen Leitl writes:
>
> > On Sat, 3 Aug 2002, AARG! Anonymous wrote:
> >
> > > But you won't now say that TCPA is OK, will you?  You just learned
> > > some information which objectively should make you feel less bad about
> > > it, and yet you either don't feel that way, or you won't admit it.  I
> > > am coming to doubt that people's feelings and beliefs about TCPA are
> > > based on facts at all.  No matter how much I correct negative
> > > misconceptions about these systems, no one will admit to having any
> > > more positive feelings about it.
> >
> > Whoa there. Hold the horses. You're completely inverting the burden of
> > proof here. You're *trusting* a preliminary spec fielded by *whom* again?
> > Were you on the design team? Are you on implementers' team? Have you
> > reverse engineered the function from tracing the structures on the die?
> > Will you continue doing this, sampling every batch being shipped?

Whoa there is right!  Yes, you are definitly educating me.  Thank you.
I am now totally confused on a lot of issues.  So far, you have moved
me from thinking TCPA seems like it might be useful to thinking that
it's pretty monstrous.  If you want to be a good teacher, you will have
some patience.  If you are a troll, you will get frustrated and leave
soon.

> I am judging the proposal on the basis of the spec.  I think that is the
> correct way to do the analysis.  Then, you can extend your analysis on
> the basis of ways you think the spec might change.  But surely the spec
> ought to be a starting point for any judgement.  Otherwise there is no
> factual basis for the analysis.

Agreed.

> Yet no one here has said that now that they understand the spec better,
> they don't think TCPA as specified would be as bad as they thought.
> Some people, like James Donald and Ryan Lackey, have said that they
> don't think TCPA would be all that bad if it weren't for government,
> copyright laws, etc.  But no one has suggested that my many postings
> have changed their opinion about TCPA in and of itself.

Maybe that's because I'm not convinced yet.  I've got a thick skull :-)

> The Alliance consists of Compaq, Intel, IBM, HP, and Microsoft.
> (Since then HP has bought Compaq.)  Even if you hate Microsoft, you
> probably don't hate all of these companies, do you?

Hate is too strong a word.  They aren't evil because they want to be,
but because they have to be.  They won't survive if they don't optimize
society to their advantage.

> I think the spec directly contradicts this claim!  If they cared so little
> about user privacy, why would they use an elaborate system with a Privacy
> CA to make sure no user-identifiable information leaks onto the net?
> Surely the simpler approach would be what James Donald suggested, to send
> out the TPM's public key and let people use that.  But it is a per-user
> identifier and so they went to great lengths to conceal it.

It creates a single point of attack.  It reminds me of key escrow.  Once
you get to the chewy center, you can control everything.  More questions
below.

> Furthermore, if their motivations were so bad, wouldn't it have been
> better for them for TCPA to work the way most people assume, to only
> load software which has been signed by some authority?  Instead they
> are careful to let any software load, and to report its status to third
> parties, so the third parties can make their own judgements about what
> to trust.  Why do you think they did it like this, if they were so
> determined to minimize the control of the end user?

Because it's hard to think about everything.  Maybe they didn't finish
thinking all the ramifications through.  I would hope we'll be able
to ask enough questions that you'll have a hard time quoting the spec.

> Who cares what I am?  It's facts that count!  I could be Satan Incarnate
> and it wouldn't matter.  I am giving you facts about TCPA based on my
> personal investment of time to study the system.  Tell me this: if you
> care about this standard, why not get it and learn it yourself?  Not one
> person here has done this!  Everyone prefers to believe falsehoods than
> to learn the truth for themself.  Do you think that is a good strategy
> for survival in a potentially hostile and dangerous world?

Not in a democracy.  All laws are based on belief.  They have nothing to
do with facts.  Facts get in the way and are far too confusing for a
majority of humans.  While understanding the facts is useful to anyone
who wants real power, you can still accomplish a lot in the short run
with a good lie.

But I would like to understand TCPA enough that I can tell which newspaper
article is the lie and which isn't.

> All I am really asking for is someone to acknowledge that I have provided
> information to them which makes them see TCPA as less dangerous and
> damaging than they had thought based on the false information which has
> been circulating.  I don't see how anyone can deny this.  The caricature
> of TCPA that most people believe is very bad.  The truth is not so bad.
> Logically, you *have* to believe that TCPA is not as bad as you thought,
> when you are provided with the truth.

Well I deny it.  So far, I am still confused and amazed at how powerful
a device you have described.

>From a different message-
:Date: Sat, 3 Aug 2002 23:50:24 -0700
:From: AARG! Anonymous <remailer at aarg.net>
:To: cypherpunks at lne.com
:Subject: Re: Other uses of TCPA
:
:Mike Rosing wrote:
:> Who owns PRIVEK?  Who controls PRIVEK?  That's who own's TCPA.
:
:PRIVEK, the TPM's private key, is generated on-chip.  It never leaves
:the chip.  No one ever learns its value.  Given this fact, who would
:you say owns and controls it?

OK, so why can't any joe hacker create their own PRIVEK?  _nobody_ knows
it's value?  Then how can anyone know if a chip is "real" or "imitation".
What happens when the motherboard dies again?  PRIVEK was copied out of
the chip to some "fob" right?  I thought you said the manufacturer put
the keys in at the factory.

I'm confused dude, straighten me out.

Patience, persistence, truth,
Dr. mike