Challenge to David Wagner on TCPA

Wall, Kevin Kevin.Wall at qwest.com
Mon Aug 5 14:27:17 PDT 2002


I'm resending this because I never saw it appear on the
cypherpunks at lne.com mailing list. Apologies if it has
already been through and I just missed it.

-kevin wall

-----Original Message-----
>From: Wall, Kevin 
Sent: Friday, August 02, 2002 1:27 AM
To: 'ericm at lne.com '; 'cypherpunks at lne.com ';
    'cryptography at wasabisystems.com '; 'ptrei at rsasecurity.com'
Subject: RE: Challenge to David Wagner on TCPA

Mr AARG! writes...

> Eric Murray writes:
> > Yes, the spec says that it can be turned off.  At that point you
> > can run anything that doesn't need any of the protected data or
> > other TCPA services.   But, why would a software vendor that wants
> > the protection that TCPA provides allow his software to run
> > without TCPA as well, abandoning those protections?
> 
> That's true; in fact if you ran it earlier under TCPA and sealed some
> data, you will have to run under TCPA to unseal it later.  The question
> is whether the advantages of running under TCPA (potentially greater
> security) outweigh the disadvantages (greater potential for loss of
> data, less flexibility, etc.).

and in another reply to Peter Trei, Mr. AARG! also writes...

> Now, there is an optional function which does use the manufacturer's key, 
> but it is intended only to be used rarely.  That is for when you need to 
> transfer your sealed data from one machine to another (either because you 
> have bought a new machine, or because your old one crashed).  In this 
> case you go through a complicated procedure that includes encrypting 
> some data to the TPME key (the TPM manufacturer's key) and sending it 
> to the manufacturer, who massages the data such that it can be loaded 
> into the new machine's TPM chip. 
> 
> So this function does require pre-loading a manufacturer key into the 
> TPM, but first, it is optional, and second, it frankly appears to be so 
> cumbersome that it is questionable whether manufacturers will want to 
> get involved with it.  OTOH it is apparently the only way to recover 
> if your system crashes.  This may indicate that TCPA is not feasible, 
> because there is too much risk of losing locked data on a machine crash, 
> and the recovery procedure is too cumbersome.  That would be a valid 
> basis on which to criticize TCPA, but it doesn't change the fact that 
> many of the other claims which have been made about it are not correct. 

Correct me if I'm wrong (I'm sure you all will :), but wouldn't you also
have to possibly go through this exercise with the TPME key and sending
your system to the manufacturer when you wanted to, say, upgrade your
operating system or switch to a completely different OS? That will go
over like a lead balloon. (Gee... must be getting late. I almost wrote
"like a bag of dirt". Duh! Can't even remember cliches at my age.)

-kevin wall
P.S.- Please excuse the sh*t formatting. We use Lookout! and MS Exstrange
      where I work.
---
Kevin W. Wall		Qwest Information Technology, Inc.
Kevin.Wall at qwest.com	Phone: 614.932.5542
"Wipe Info uses hexadecimal values to wipe files. This provides more
security than wiping with decimal values."
		-- Norton System Works 2002 manual, pg 160
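
The point argued in the thread above (data sealed under one platform configuration cannot be unsealed after the measured boot chain changes, and cannot be unsealed on a different chip without a migration step) can be shown with a small model. The code below is an added example written for this archive page; it is not from the original message, not the TCPA specification and not a real TPM interface. The PCR-extend rule is the SHA-1 chaining used by TCPA 1.1; the storage root key, the HMAC-derived sealing key, the XOR keystream, and the boot-chain component names are simplifications constructed for the illustration.

```python
"""
Added example (not part of the original post): a simplified model of
TCPA-style sealing, showing why a blob sealed under one OS cannot be
unsealed after an OS upgrade, or on another machine's TPM.
"""
import hashlib
import hmac
import os

PCR_SIZE = 20  # TCPA 1.1 PCRs hold SHA-1 digests


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """PCR_new = SHA1(PCR_old || SHA1(measurement)); the only way a PCR changes."""
    return hashlib.sha1(pcr + hashlib.sha1(measurement).digest()).digest()


def measured_boot(components) -> bytes:
    """Extend each boot-chain component, in order, into a PCR that starts at zero."""
    pcr = bytes(PCR_SIZE)
    for component in components:
        pcr = pcr_extend(pcr, component)
    return pcr


class ToyTPM:
    """Stand-in for one chip; its storage root key (SRK) never leaves it.

    Assumption: real TPMs use RSA storage keys, PCR selection masks and
    authorisation data; an HMAC-derived key and XOR keystream are used here
    purely to make the binding visible in a few lines.
    """

    def __init__(self, srk=None):
        self.srk = srk if srk is not None else os.urandom(32)

    def _key(self, pcr: bytes) -> bytes:
        # The sealing key depends on both this chip's secret and the PCR value.
        return hmac.new(self.srk, b"seal" + pcr, hashlib.sha256).digest()

    @staticmethod
    def _keystream(key: bytes, length: int) -> bytes:
        out = b""
        counter = 0
        while len(out) < length:
            out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
            counter += 1
        return out[:length]

    def seal(self, pcr: bytes, data: bytes) -> bytes:
        key = self._key(pcr)
        ct = bytes(a ^ b for a, b in zip(data, self._keystream(key, len(data))))
        tag = hmac.new(key, pcr + ct, hashlib.sha256).digest()
        # The blob records the PCR it was sealed under so a mismatch is detectable.
        return pcr + tag + ct

    def unseal(self, current_pcr: bytes, blob: bytes):
        sealed_pcr = blob[:PCR_SIZE]
        tag = blob[PCR_SIZE:PCR_SIZE + 32]
        ct = blob[PCR_SIZE + 32:]
        if current_pcr != sealed_pcr:
            return None  # platform configuration changed: the chip refuses
        key = self._key(current_pcr)
        expected = hmac.new(key, sealed_pcr + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None  # different chip (other SRK) or tampered blob
        return bytes(a ^ b for a, b in zip(ct, self._keystream(key, len(ct))))


# Constructed boot chains: same BIOS and loader, two kernel versions.
BOOT_OS_V1 = [b"bios-1.0", b"bootloader", b"os-kernel-1.0"]
BOOT_OS_V2 = [b"bios-1.0", b"bootloader", b"os-kernel-2.0"]


def demo():
    """Seal under OS v1, then try to unseal: same OS, upgraded OS, new machine."""
    tpm = ToyTPM()
    secret = b"customer database key"
    blob = tpm.seal(measured_boot(BOOT_OS_V1), secret)
    same_os = tpm.unseal(measured_boot(BOOT_OS_V1), blob)
    upgraded_os = tpm.unseal(measured_boot(BOOT_OS_V2), blob)
    new_machine = ToyTPM().unseal(measured_boot(BOOT_OS_V1), blob)
    return same_os, upgraded_os, new_machine


if __name__ == "__main__":
    print(demo())
```

Only the first unseal succeeds. The second fails because the kernel measurement changed PCR 0, which is exactly the OS-upgrade case raised in the message; the third fails even with an identical boot chain because the blob is bound to the first chip's SRK, which is why moving sealed data to another machine needs the manufacturer-assisted migration described in the quoted reply.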