"trust me" pseudonyms in TCPA (Re: Other uses of TCPA)

Mike Rosing eresrch at eskimo.com
Mon Aug 5 07:42:45 PDT 2002 

On Mon, 5 Aug 2002, Adam Back wrote:

> I haven't read the TCPA detailed spec yet (next on TCPA/Palladium list
> of reading material), but this bit I can infer I think:

I don't have time to read it, but I do appreciate the effort you've
put into this so far!

> The corresponding public key is certified by the secure hardware
> manufacturer, I think.

Are all the keys certified?  Are any copied outright?

> Then they have this privacy CA which accepts requests signed by the
> platform's signature key, and gives in return a certified pseudonym of
> the users choice.  They claim this gives privacy, which it only does
> if you trusted the "privacy CA" -- the privacy CA can link all of your
> anonymous and pseudonymous credentials.  (Anonymous may want to
> straighten out the different keys names -- I think there are some
> encryption, some signature, some sealing keys derived from other
> secret keys and the checksum of the application and OS / firmware
> etc.)
>
> Brands digital credentials could be used to fix this sub-problem I
> think.

One key for encryption, one key for signature, one key for checksums,
and one key to rule them all!!  :-)

> They put in the privacy CA thing as a defense against the PR problems
> Intel had with the pentium serial number.  The FAQs at
> www.trustedpc.org talk about this arguing how this is better than
> pentium serial number at avoiding linkability.
>
> The documentation problem I find is there isn't much documentation
> available which is technical except for the 330 page spec which drops
> right down to implementation details in RFC standards style.

I think that explaining it in a mathematical or technical abstract
way would give competitors an advantage.  Seems like the consortium
that's building it can keep these details proprietary and just
sell the thing on the market to whoever wants to buy it - no need
for all this FAQ stuff anyway.  They only need publicity to get
past the congress or MP's.  I guess I don't see why the spec is
public if the purpose is to create a platform that's just a toy.
But I'm confused, so keep at it and maybe I'll figure something out!

Patience, persistence, truth,
Dr. mike

More information about the cypherpunks-legacy mailing list