TCPA/Palladium -- likely future implications

[Mike Rosing]

On Fri, 9 Aug 2002, AARG! Anonymous wrote:

> : Allow computers separated on the internet to cooperate and share data
> : and computations such that no one can get access to the data outside
> : the limitations and rules imposed by the applications.
>
> It seems to me that my definition is far more useful and appropriate in
> really understanding what TCPA/Palladium are all about.  Adam, what do
> you think?

Just because you can string words together and form a definition doesn't
make it realizable.  Once data is in the clear it can be copied, and no
rules can change that.  Either the data is available to the user, and
they can copy it - or the data is not available to the user, and there's
nothing they can do when their machine does somebody elses calculations.

> I have a couple of suggestions.  One early application for TCPA is in
> closed corporate networks.  In that case the company usually buys all
> the computers and prepares them before giving them to the employees.
> At that time, the company could read out the TPM public key and sign
> it with the corporate key.  Then they could use that cert rather than
> the TPME cert.  This would protect the company's sensitive data against
> eavesdroppers who manage to virtualize their hardware.

And guess what?  I can buy that today!  I don't need either TCPA or
Palladium.  So why do we need TCPA?

> Think about it: this one innocuous little box holding the TPME key could
> ultimately be the root of trust for the entire world.  IMO we should
> spare no expense in guarding it and making sure it is used properly.
> With enough different interest groups keeping watch, we should be able
> to keep it from being used for anything other than its defined purpose.

Man, I want the stuff you are smoking!  One attack point is the root of
trust for the whole world!!???!!!  Take another hit dude, and make sure
you see lots of colors too.

Patience, persistence, truth,
Dr. mike