Challenge to TCPA/Palladium detractors
John S. Denker
jsd at monmouth.com
Wed Aug 7 13:43:15 PDT 2002
"AARG!Anonymous" wrote:
>
> I'd like the Palladium/TCPA critics to offer an alternative proposal
> for achieving the following technical goal:
>
> Allow computers separated on the internet to cooperate and share data
> and computations such that no one can get access to the data outside
> the limitations and rules imposed by the applications.
That is frightfully underspecified. Creating such a system
could be very easy or very hard, depending on what range of
policies is to be supported, and depending on what your
threat model is.
At one extreme I might trust an off-the-shelf PC if it were
booted from CD by trusted parties in a TEMPEST-shielded room
surrounded by armed guards. At the other extreme, making
tamper-proof hardware to face unlimited threats is very, very
hard -- most likely outside the "PC" price range for the
foreseeable future.
> In other words, allow a distributed network application to create a
> "closed world" where it has control over the data and no one can get
> the application to "cheat". IMO this is clearly the real goal of TCPA
> and Palladium, in technical terms, when stripped of all the emotional
> rhetoric.
Well, the "technical terms" are not and should not be the
sole focus of the current discussion. There are other
questions such as
-- what range of policies should be supported
-- who gets to set the policy
-- who decides who trusts whom
-- etc. etc. etc.
I agree that there has been too much ad-hominem sewage
and emotional rhetoric mixed in with the valid arguments
recently.
More information about the Testlist
mailing list