dangers of TCPA/palladium

AARG!Anonymous remailer at aarg.net
Tue Aug 6 15:30:13 PDT 2002


Lucky Green writes:

> Though routinely professing otherwise, evidently Anonymous knows nothing
> of the spirit of the TCPA:

I have in fact never claimed to be a TCPA insider; quite the opposite,
I have consistently explained that I am merely someone who has taken the
time to study the specification and other documents in order to educate
myself about the system.

My interpretation of the spirit of the proposal comes solely from
reading these documents.  They go to considerable lengths to protect user
privacy, even to the point that the main TPM key is an encrypt-only key,
not allowed to issue signatures!  I think this is to reduce the chance
of mistakenly using it to sign attestations.  Further, the protocol
with the Privacy CA is very complex and adds considerable complexity.
If they didn't care about privacy I don't think the design would devote
this much effort to it.

> I proposed the use of blinding schemes to the
> TCPA as far back as 2 years ago as a substitute to the Privacy CAs
> schemes which are subject to potential collusion. I believe
> "unreceptive", rather than "very much open to this suggestion" would
> more accurately describe the TCPA's spirit Anonymous holds so high.

Maybe this is true, but I can certainly imagine reasons other than
a secret desire to compromise users' privacy.  Going with blinding
would make the spec more complex, and they might well have had their
hands full at the time just trying to get V1.0 out.  Then there are the
patent issues with either Chaum or Brands blinding.  Plus, Brands works
with very special-format keys, variants on discrete log keys, while the
spec generally assumes RSA keys (possibly going to ECC).  And finally,
they may simply not have been that familiar with blinding technology,
which isn't that widely known outside a small subset of the cryptographic
community.  TCPA is more of a security spec than a cryptographic one,
and it's likely that not one of the main developers had every read a
paper by Stefan Brands.

Besides, after reading Lucky's absurdly conspiratorial slide show I am
skeptical about how accurately he can be relied on to report information
about TCPA.  He obviously thinks they are the spawn of the devil
and is willing to say anything in public in order to discredit them.
Otherwise why would he have made so many charges at Defcon that are
utterly without foundation?

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com





More information about the cypherpunks-legacy mailing list