Other uses of TCPA
Mike Rosing
eresrch at eskimo.com
Sun Aug 4 19:38:37 PDT 2002
On Sun, 4 Aug 2002, AARG! Anonymous wrote:
> Eugen Leitl writes:
>
> > On Sat, 3 Aug 2002, AARG! Anonymous wrote:
> >
> > > But you won't now say that TCPA is OK, will you? You just learned
> > > some information which objectively should make you feel less bad about
> > > it, and yet you either don't feel that way, or you won't admit it. I
> > > am coming to doubt that people's feelings and beliefs about TCPA are
> > > based on facts at all. No matter how much I correct negative
> > > misconceptions about these systems, no one will admit to having any
> > > more positive feelings about it.
> >
> > Whoa there. Hold the horses. You're completely inverting the burden of
> > proof here. You're *trusting* a preliminary spec fielded by *whom* again?
> > Were you on the design team? Are you on implementers' team? Have you
> > reverse engineered the function from tracing the structures on the die?
> > Will you continue doing this, sampling every batch being shipped?
Whoa there is right! Yes, you are definitly educating me. Thank you.
I am now totally confused on a lot of issues. So far, you have moved
me from thinking TCPA seems like it might be useful to thinking that
it's pretty monstrous. If you want to be a good teacher, you will have
some patience. If you are a troll, you will get frustrated and leave
soon.
> I am judging the proposal on the basis of the spec. I think that is the
> correct way to do the analysis. Then, you can extend your analysis on
> the basis of ways you think the spec might change. But surely the spec
> ought to be a starting point for any judgement. Otherwise there is no
> factual basis for the analysis.
Agreed.
> Yet no one here has said that now that they understand the spec better,
> they don't think TCPA as specified would be as bad as they thought.
> Some people, like James Donald and Ryan Lackey, have said that they
> don't think TCPA would be all that bad if it weren't for government,
> copyright laws, etc. But no one has suggested that my many postings
> have changed their opinion about TCPA in and of itself.
Maybe that's because I'm not convinced yet. I've got a thick skull :-)
> The Alliance consists of Compaq, Intel, IBM, HP, and Microsoft.
> (Since then HP has bought Compaq.) Even if you hate Microsoft, you
> probably don't hate all of these companies, do you?
Hate is too strong a word. They aren't evil because they want to be,
but because they have to be. They won't survive if they don't optimize
society to their advantage.
> I think the spec directly contradicts this claim! If they cared so little
> about user privacy, why would they use an elaborate system with a Privacy
> CA to make sure no user-identifiable information leaks onto the net?
> Surely the simpler approach would be what James Donald suggested, to send
> out the TPM's public key and let people use that. But it is a per-user
> identifier and so they went to great lengths to conceal it.
It creates a single point of attack. It reminds me of key escrow. Once
you get to the chewy center, you can control everything. More questions
below.
> Furthermore, if their motivations were so bad, wouldn't it have been
> better for them for TCPA to work the way most people assume, to only
> load software which has been signed by some authority? Instead they
> are careful to let any software load, and to report its status to third
> parties, so the third parties can make their own judgements about what
> to trust. Why do you think they did it like this, if they were so
> determined to minimize the control of the end user?
Because it's hard to think about everything. Maybe they didn't finish
thinking all the ramifications through. I would hope we'll be able
to ask enough questions that you'll have a hard time quoting the spec.
> Who cares what I am? It's facts that count! I could be Satan Incarnate
> and it wouldn't matter. I am giving you facts about TCPA based on my
> personal investment of time to study the system. Tell me this: if you
> care about this standard, why not get it and learn it yourself? Not one
> person here has done this! Everyone prefers to believe falsehoods than
> to learn the truth for themself. Do you think that is a good strategy
> for survival in a potentially hostile and dangerous world?
Not in a democracy. All laws are based on belief. They have nothing to
do with facts. Facts get in the way and are far too confusing for a
majority of humans. While understanding the facts is useful to anyone
who wants real power, you can still accomplish a lot in the short run
with a good lie.
But I would like to understand TCPA enough that I can tell which newspaper
article is the lie and which isn't.
> All I am really asking for is someone to acknowledge that I have provided
> information to them which makes them see TCPA as less dangerous and
> damaging than they had thought based on the false information which has
> been circulating. I don't see how anyone can deny this. The caricature
> of TCPA that most people believe is very bad. The truth is not so bad.
> Logically, you *have* to believe that TCPA is not as bad as you thought,
> when you are provided with the truth.
Well I deny it. So far, I am still confused and amazed at how powerful
a device you have described.
>From a different message-
:Date: Sat, 3 Aug 2002 23:50:24 -0700
:From: AARG! Anonymous <remailer at aarg.net>
:To: cypherpunks at lne.com
:Subject: Re: Other uses of TCPA
:
:Mike Rosing wrote:
:> Who owns PRIVEK? Who controls PRIVEK? That's who own's TCPA.
:
:PRIVEK, the TPM's private key, is generated on-chip. It never leaves
:the chip. No one ever learns its value. Given this fact, who would
:you say owns and controls it?
OK, so why can't any joe hacker create their own PRIVEK? _nobody_ knows
it's value? Then how can anyone know if a chip is "real" or "imitation".
What happens when the motherboard dies again? PRIVEK was copied out of
the chip to some "fob" right? I thought you said the manufacturer put
the keys in at the factory.
I'm confused dude, straighten me out.
Patience, persistence, truth,
Dr. mike
More information about the cypherpunks-legacy
mailing list