dangers of TCPA/palladium

James A. Donald jamesd at echeque.com
Mon Aug 5 19:33:25 PDT 2002


    --
On 5 Aug 2002 at 16:25, AARG! Anonymous wrote:
> Well, he can choose who he buys the TPM chip from, I suppose. 
> But upgrades are basically new firmware for the TPM chip, so
> they will probably always come from the manufacturer.

Sure, no problem, if the manufacturer is not acting under state
direction.  Let us instead suppose, as seems likely, all
manufacturers are directed to upgrade TPM with clipper chip
technology.

Obviously as long as TPM is not backed by legal force, it cannot
do anything very bad.   But the TPM technology puts my throat
where the legislators can cut it.

> > The danger once we get to this scenario is that as I described
> > above TCPA itself becomes "a generic extensible policy
> > enforcement architecture which can be configured to robustly
> > enforce policies against the interests of the machine owner."
> > This could be used for all kinds of malware policies which
> > would run in the secure code compartments, for example:
> >
> > - clipper / US key escrow implementation as a TCPA policy
> > module

On 5 Aug 2002 at 16:25, AARG! Anonymous wrote:
> Where would that fit in the spec?

The hardware supports it.  The spec says the software and CA
policies will not.  The spec also says that both software and
policies can and will be frequently revised.

There is obvious potential there to back TCPM with anti
circumvention laws, and all sorts of unpleasantness.


    --digsig
         James A. Donald
     6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
     7psEoY7rJFk92hlIOz7Ez88G08qsf7BTR4MvGmI4
     2Ue/dlRhUUlakQqaTi3EO1g5Gi1JzpgJD1lLYYgGF





More information about the cypherpunks-legacy mailing list