Dell to Add Security Chip to PCs

[Erwann ABALEA]

Bonjour,

On Wed, 2 Feb 2005, Erwann ABALEA wrote:

> On Wed, 2 Feb 2005, Trei, Peter wrote:
>
> > Seeing as it comes out of the TCG, this is almost certainly
> > the enabling hardware for Palladium/NGSCB. Its a part of
> > your computer which you may not have full control over.
>
> Please stop relaying FUD. You have full control over your PC, even if this
> one is equiped with a TCPA chip. See the TCPA chip as a hardware security
> module integrated into your PC. An API exists to use it, and one if the
> functions of this API is 'take ownership', which has the effect of
> erasing it and regenerating new internal keys.

I've read your objections. Maybe I wasn't clear. What's wrong in
installing a cryptographic device by default on PC motherboards?
I work for a PKI 'vendor', and for me, software private keys is a
nonsense. How will you convice "Mr Smith" (or Mme Michu) to buy an
expensive CC EAL4+ evaluated token, install the drivers, and solve the
inevitable conflicts that will occur, simply to store his private key? You
first have to be good to convice him to justify the extra depense.
If a standard secure hardware cryptographic device is installed by default
on PCs, it's OK! You could obviously say that Mr Smith won't be able to
move his certificates from machine A to machine B, but more than 98% of
the time, Mr Smith doesn't need to do that.

Installing a TCPA chip is not a bad idea. It is as 'trustable' as any
other cryptographic device, internal or external. What is bad is accepting
to buy a software that you won't be able to use if you decide to claim
your ownership... Palladium is bad, TCPA is not bad. Don't confuse the
two.

-- 
Erwann ABALEA <erwann at abalea.com> - RSA PGP Key ID: 0x2D0EABD5