Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Trustworthy Computing Mini-Poll
From: Simon Richter <Simon.Richter () hogyros de>
Date: Fri, 20 Dec 2002 01:35:07 +0100

Hi Andrew,

On Thu, Dec 19, 2002 at 09:06:58AM +0200, Andrew Thomas wrote:
form a lobby group and ask for the "owner + web of trust"
solution. It is technically doable and in the line of liberalism, so I think it
has a good chance of becoming law.

I might be missing something, but how does software/hardware limitation of
personal control fall under the description of 'in the line of liberalism'? 

I was talking about the "web of trust model", where the owner of the
computer decides whom to trust as an introducer and whom to trust as a
software vendor. So this doesn't in fact limit your personal control
over what software runs on your computer, as you can always sign it
yourself. Since a lot of users do not (want to) understand what a web of
trust is, a number of "trust centers" will pop up, competing for
software developers (=> reasonable price). The OSS people will simply
use their own web of trust, and people wishing to install OSS software
can also enter this web at the next signing party or compile and sign
the software themselves. The only thing that is bad about being
liberalist here is that M$ gets to decide whose keys they ship with
Windows -- but as long as the user is able to install new keys and
express trust into them, users will still vote with their feet (if M$'s
pricing is unresonable, we tell people to install a certain key in the
manual -- and that key will probably belong to a group of software

On the copy protection side, customers will have the choice between
buying combo hardware (DVD drive, gfx card, sound card, special cable
inbetween, all from the same vendor) and using a non-TCPA CPU or
selecting hardware from different vendors and using a TCPA CPU. In fact
I think the copy protection features in the TCPA hardware will be born
dead, since a hardware-only scheme is much cheaper, and customers will
be happy about the CPU time saved by decoding that MPEG stuff in hardware.

I'm still wondering whether TCPA or the hardware schemes are in fact
weaker -- TCPA can probably be cracked in software, but OTOH a lot of
the hardware solutions will be security-by-obscurity or at least one of
them may have a small flaw (a chosen-plaintext attack may be enough of a
hole for a mod chip).

To answer your question, I would personally be quite happy for the technology to
be developed, as long as it wasn't forced on me by law.

Would you buy/use it if you had the choice? I mean, there are a lot of
advantages... :-)


GPG Fingerprint: 040E B5F7 84F1 4FBC CEAD  ADC6 18A0 CC8D 5706 A4B4

Attachment: _bin

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]