Palladium -- trivially weak in hw but "secure in software"?? (Re: palladium presentation - anyone going?)
Arnold G. Reinhold
reinhold at world.std.com
Tue Oct 22 12:29:26 PDT 2002
At 4:52 PM +0100 10/22/02, Adam Back wrote:
>Remote attestation does indeed require Palladium to be secure against
>the local user.
>
>However my point is while they seem to have done a good job of
>providing software security for the remote attestation function, it
>seems at this point that hardware security is laughable.
I think the most important phrase above is "at this point." Palladium
is still being designed. I'd argue that the software/firmware
portion is the trickiest to get right. It seems rational for
Microsoft to let that design mature, then analyze the remaining
hardware threats and turn the hardware engineers loose to try to plug
them.
Palladium has to be viewed in the larger context of a negotiation
between Microsoft and Hollywood (I include here all the content
owners: movie studios, recording industry, book publishers, etc. ).
Hollywood would prefer a completely closed PC architecture, where
consumers' use of the computer could be tightly monitored and
controlled. They perceive general purpose computing as we know and
love it to be a mortal threat to their continued existence. Keeping
the content of DVDs and future media locked up is not enough in their
eyes. They want all material displayed to be checked for watermarks
and blocked or degraded if the PC owner hasn't paid for the content.
Microsoft wants to preserve general purpose computing because it
realizes that in a closed architecture, the OS would become a mere
commodity component and the consumer electronics giants would
eventually displace Microsoft. On the other hand, Microsoft needs
Hollywood provide the kind of content that will drive PC sales and
upgrades. The base line PC platform of today or even two years ago is
powerful enough for most consumers and businesses. People are keeping
their PCs longer and not upgrading them as often. Most everyone who
wants a PC (at least in North America) already has one. Microsoft
needs something new to drive sales.
I expect Microsoft and Hollywood to haggle over the final specs for
Palladium PCs and no doubt additional hardware protection measures
will be included. The actual spec may well be kept secret, with NDA
access only. Hollywood will hold two strong card at the table: its
content and the threat of legislation. I'm sure Senator Hollings is
watching developments closely.
The big question in my mind is how to get PC consumers a place at the
bargaining table. It seems to me that PC consumers have three tools:
votes, wallets and technology. The Internet is well suited to
political organizing. Remember the amount of mail generated by the
modem tax hoax? Consumer boycotts are another powerful threat, given
how powerful and upgradable existing computer already are. Technology
can provide an alternative way to gain the benefits that will be
touted for controlled computing. Anti-virus and anti-DDS techniques
come to mind. Also, since I expect an eventual push to ban
non-Palladium computers from the Internet, alternative networking
technology will be important.
The Palladium story is just beginning.
Arnold Reinhold
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cypherpunks-legacy
mailing list