Palladium -- trivially weak in hw but "secure in software"?? (Re: palladium presentation - anyone going?)

Arnold G. Reinhold reinhold at world.std.com
Tue Oct 22 12:29:26 PDT 2002


At 4:52 PM +0100 10/22/02, Adam Back wrote:
>Remote attestation does indeed require Palladium to be secure against
>the local user. 
>
>However my point is while they seem to have done a good job of
>providing software security for the remote attestation function, it
>seems at this point that hardware security is laughable.

I think the most important phrase above is "at this point." Palladium 
is still being designed.  I'd argue that the software/firmware 
portion is the trickiest to get right. It seems rational for 
Microsoft to let that design mature, then analyze the remaining 
hardware threats and turn the hardware engineers loose to try to plug 
them.

Palladium has to be viewed in the larger context of a negotiation 
between Microsoft and Hollywood (I include here all the content 
owners: movie studios, recording industry, book publishers, etc. ). 
Hollywood would prefer a completely closed PC architecture, where 
consumers' use of the computer could be tightly monitored and 
controlled.  They perceive general purpose computing as we know and 
love it to be a mortal threat to their continued existence. Keeping 
the content of DVDs and future media locked up is not enough in their 
eyes. They want all material displayed to be checked for watermarks 
and blocked or degraded if the PC owner hasn't paid for the content.

Microsoft wants to preserve general purpose computing because it 
realizes that in a closed architecture, the OS would become a mere 
commodity component and the consumer electronics giants would 
eventually displace Microsoft. On the other hand, Microsoft needs 
Hollywood provide the kind of content that will drive PC sales and 
upgrades. The base line PC platform of today or even two years ago is 
powerful enough for most consumers and businesses. People are keeping 
their PCs longer and not upgrading them as often. Most everyone who 
wants a PC (at least in North America) already has one. Microsoft 
needs something new to drive sales.

I expect Microsoft and Hollywood to haggle over the final specs for 
Palladium PCs and no doubt additional hardware protection measures 
will be included.  The actual spec may well be kept secret, with NDA 
access only. Hollywood will hold two strong card at the table: its 
content and the threat of legislation.  I'm sure Senator Hollings is 
watching developments closely.

The big question in my mind is how to get PC consumers a place at the 
bargaining table. It seems to me that PC consumers have three tools: 
votes, wallets and technology. The Internet is well suited to 
political organizing. Remember the amount of mail generated by the 
modem tax hoax? Consumer boycotts are another powerful threat, given 
how powerful and upgradable existing computer already are. Technology 
can provide an alternative way to gain the benefits that will be 
touted for controlled computing.  Anti-virus and anti-DDS techniques 
come to mind. Also, since I expect an eventual push to ban 
non-Palladium computers from the Internet, alternative networking 
technology will be important.

The Palladium story is just beginning.

Arnold Reinhold

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com





More information about the cypherpunks-legacy mailing list