Challenge to TCPA/Palladium detractors

Sunder sunder at sunder.net
Thu Aug 8 07:14:24 PDT 2002


You can only do this if you can trust the hardware.  As long as any
potential untrustworthy folks have access to that hardware, it cannot be
done.

It is possible to do the rest of this if you manage to secure the machines
from any other kinds of access by disabling all services other than that
particular p2p (to prevent remote access overflows from insecure
applications).   If you see the network problem as a multi-ended VPN,
that's the next part.

But I do not see any way for any member of the network to certify that any
other node is running exactly the same software, unless all nodes restrict
access to the hardware and have an external certification process.  If
anyone anywhere can grab the software - binary or source and join the
network while still having hardware access, all bets are off.  

The only thing the other nodes can certify is that the crypto signatures
are right, and that the protocol is the same.  But even if you sign the
binaries, you don't know that the thing at the other end has the signature
it just sent you.

You can try to make things complex such as pushing binaries to the other
node and having them run there, but you don't know if you're inside a
VMware box, or Bochs emulator, or a real machine.

Even if you can certify that the application does what you think it does,
you can't certify that the operating system or the hardware isn't going to
do anything else.

End of story.  Can't be done so long as anyone other than you has root on
the machine, or has physical access.  Hence you need to buttplug the
hardware and make it difficult to modify.  Even so, you don't have any
idea of if that CPU really is what it says it is, or that the hardware
will do what you think it will do.  Hardware can be replaced or patched
with things that can look like the original, or things that at some
opportune moment interrupt and switch out that hardware, then get full
access to all the ram.

No, I couldn't afford such hardware mods.  But say someone that has enough
money to own a DVD pressing factory certainly can afford the R&D.  In the
end TCPA/Palladium will be broken.  Just as the USG kept pushing single DES
until even a bit after the DES cracker got built.

I've no problem with that, nor the fact the RIAA/MPAA want to protect
their warez - if they get that oppressive, I won't be buying it, and I'm
positive that others won't either...  In the end, they'll just be burning
a lot of money and find out that they'll go broke.  Ironic? Yup.  As long
as it's a free market, they'll fry for pissing off their consumers.


I do have a problem with having spyware forced down my machines by John
Law.  Intel wants to put Pd compliant chips in their mobo's, fine, I won't
buy their hardware -- or if I do, I'll be sure to reflash the BIOS to a
slightly different enough version without signatures to force the Pd chip
to shut down... If it won't let me, their loss.  There's still AMD.  AMD
joins Intel?  Fuck x86, there's still Sun, and Apple.

The only way that Pd will be successful is if every hardware manufacturer
is forced by law to include it.  And I've no problem with MSFT making
their software oppressive, they're just digging their own graves, I'll
applaud as they sink in to the bog.  Fuck'em.  They're extinct.


Long as the motherboard will let me boot whatever OS I want, long as
Kongress keeps their paws out of my machine and doesn't extract a tax to
pay the losers for their "losses", MSFT, Intel, MPAA, RIAA can do whatever
they want.


And no, I don't believe that making an open source, hardware free version
of what they're trying to do will prevent Jackoff Vallenti from pushing
dollars to kongress to close the PeeCee hole while sucking Bill Gates's
balls simultaneously.

In the end, the only guarantee you have is that the thing at the end is
talking the same language as you and that anyone else can't snoop the
traffic and see what's there - so long as your crypto-fu is good, and the
security on both machines is decent enough to prevent them from being
owned.  So why bother?

Just because the evil empire is running at full speed towards the
precipice doesn't mean we need open source versions of the same insanity
that drives'em.



----------------------Kaos-Keraunos-Kybernetos---------------------------
 + ^ + :NSA got $20Bill/year|Passwords are like underwear. You don't /|\
  \|/  :and didn't stop 9-11|share them, you don't hang them on your/\|/\
<--*-->:Instead of rewarding|monitor, or under your keyboard, you   \/|\/
  /|\  :their failures, we  |don't email them, or put them on a web  \|/
 + v + :should get refunds! |site, and you must change them very often.
--------_sunder_ at _sunder_._net_------- http://www.sunder.net ------------

On Wed, 7 Aug 2002, AARG! Anonymous wrote:

> I'd like the Palladium/TCPA critics to offer an alternative proposal
> for achieving the following technical goal:
> 
>   Allow computers separated on the internet to cooperate and share data
>   and computations such that no one can get access to the data outside
>   the limitations and rules imposed by the applications.
> 
> In other words, allow a distributed network application to create a
> "closed world" where it has control over the data and no one can get
> the application to "cheat".  IMO this is clearly the real goal of TCPA
> and Palladium, in technical terms, when stripped of all the emotional
> rhetoric.


---------------------------------------------------------------------
The Cryptography Mailing List
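
The point made in the message above ("even if you sign the binaries, you don't know that the thing at the other end has the signature it just sent you"), as an added example that is not part of the original post: a software-only, nonce-challenged self-measurement check. The names (measure, Node, verifier_accepts, attestation_outcomes) and the binary contents are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed stand-ins for the client binary images (not real software).
OFFICIAL_BINARY = b"p2p-client 1.0: enforce_rules(); share_data()"
MODIFIED_BINARY = b"p2p-client 1.0: share_data(); export_plaintext()"


def measure(image: bytes, nonce: bytes) -> bytes:
    """Nonce-keyed SHA-256 over a binary image; the nonce blocks replayed answers."""
    return hmac.new(nonce, image, hashlib.sha256).digest()


class Node:
    """A peer: `running` is the code it executes, `reported` is the image it measures."""

    def __init__(self, running: bytes, reported: bytes):
        self.running = running
        self.reported = reported

    def attest(self, nonce: bytes) -> bytes:
        # Nothing forces the machine's owner to measure the code that is running.
        return measure(self.reported, nonce)


def verifier_accepts(node: Node) -> bool:
    """Remote check: fresh nonce, compare the answer with the official measurement."""
    nonce = os.urandom(16)
    expected = measure(OFFICIAL_BINARY, nonce)
    return hmac.compare_digest(node.attest(nonce), expected)


def attestation_outcomes() -> dict:
    honest = Node(running=OFFICIAL_BINARY, reported=OFFICIAL_BINARY)
    careless = Node(running=MODIFIED_BINARY, reported=MODIFIED_BINARY)
    keeps_copy = Node(running=MODIFIED_BINARY, reported=OFFICIAL_BINARY)
    return {
        "honest": verifier_accepts(honest),
        "modified, measures itself": verifier_accepts(careless),
        "modified, measures official copy": verifier_accepts(keeps_copy),
    }


if __name__ == "__main__":
    for label, accepted in attestation_outcomes().items():
        print(f"{label:34s} accepted={accepted}")
```

The verifier's answer tracks only what the node chooses to report, so the first and third nodes are indistinguishable to it; binding the measurement to the code that actually runs is the part the message says needs hardware the owner cannot tamper with.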