Overcoming the potential downside of TCPA

Joseph Ashwood ashwood at msn.com
Tue Aug 13 22:58:58 PDT 2002


Lately on both of these lists there has been quite some discussion about
TCPA and Palladium, the good, the bad, the ugly, and the anonymous. :)
However there is something that is very much worth noting, at least about
TCPA.

There is nothing stopping a virtualized version being created.

There is nothing that stops say VMWare from synthesizing a system view that
includes a virtual TCPA component. This makes it possible to (if desired)
remove all cryptographic protection.

Of course such a software would need to be sold as a "development tool" but
we all know what would happen. Tools like VMWare have been developed by
others, and as I recall didn't take all that long to do. As such they can be
anonymously distributed, and can almost certainly be stored entirely on a
boot CD, using the floppy drive to store the keys (although floppy drives
are no longer a "cool" thing to have in a system), boot from the CD, it runs
a small kernel that virtualizes and allows debugging of the TPM/TSS which
allows the viewing, copying and replacement of private keys on demand.

Of course this is likely to quickly become illegal, or may already, but that
doesn't stop the possibility of creating such a system. For details on how
to create this virtualized TCPA please refer to the TCPA spec.
                Joe


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com





More information about the cypherpunks-legacy mailing list