RE: Difference between TCPA-Hardware and a smart card (was: example: secure computing kernel needed)

Seth,

        that was a very good and interesting reply.  Thank you.

        IBM has started rolling out machines that have a TPM installed.  If
other companies do that too (and there might be others that do already -
since I don't follow this closely) then gradually the installed base of
TPM-equipped machines will grow.  It might take 10 years - or even more -
before every machine out there has a TPM.  However, that day may well come.
Then again, TPMs cost money and I don't know any private individuals who are
willing to pay extra for a machine with one.  Given that, it is unlikely
that TPMs will actually become a popular feature.

        Some TPM-machines will be owned by people who decide to do what I
suggested: install a personal firewall that prevents remote attestation.
With wider dissemination of your reasoning, that number might be higher than
it would be otherwise.

        Meanwhile, there will be hackers who accept the challenge of
defeating the TPM.  There will be TPM private keys loose in the world,
operated by software that has no intention of telling the truth to remote
challengers.  There might even be one or more web services out there with a
pool of such keys, offering to do an attestation for you telling whatever
lie you want to tell.  With such a service in operation, it is doubtful that
a service or content provider would put much faith in remote attestation -
and that, too, might kill the effort.

        At this point, a design decision by the TCPA (TCG) folks comes into
play.  There are ways to design remote attestation that preserve privacy and
there are ways that allow linkage of transactions by the same TPM.  If the
former is chosen, then the web service needs very few keys.  If the privacy
protection is perfect, then the web service needs only 1 key.  If the
privacy violation is very strong, then the web service won't work, but the
TCG folks will have set themselves up for a massive political campaign
around its violation of user privacy.

        Either of these outcomes will kill the TCG, IMHO.

        This is the reason that, when I worked for a hardware company active
in the TCPA(TCG), I argued strongly against supporting remote attestation.
I saw no way that it could succeed.

        Meanwhile, I am no longer in that company.  I have myself to look
out for.  If I get a machine with a TPM, I will make sure I have the
firewall installed.  I will use the TPM for my own purposes and let the rest
of the world think that I have an old machine with no TPM.

        You postulated that someday, when the TPM is ubiquitous, some
content providers will demand remote attestation.  I claim it will never
become ubiquitous, because of people making my choice - and because it takes
a long time to replace the installed base - and because the economic model
for TPM deployment is seriously flawed.  If various service or content
providers elect not to allow me service unless I do remote attestation, I
then have 2 choices: use the friendly web service that will lie for me - or
decline the content or service.

        The scare scenario you paint is one in which I am the lone voice of
concern floating in a sea of people who will happily give away their privacy
and allow some service or content provider to demand this technology on my
end.  In such a society, I would stand out and be subject to discrimination.
This is not a technical problem. This is a political problem. If that is a
real danger, then we need to educate those people.

        RIAA and MPAA have been hoping for some technological quick fix to
let them avoid facing the hard problem of dealing with people who don't
think the way they would like people to think.  It seems to me that you and
John Gilmore and others are doing exactly the same thing - hoping for
technological censorship to succeed so that you can avoid facing the hard
problem of dealing with people who don't think the way they should (in this
case, the people who happily give away their privacy and accept remote
attestation in return for dancing pigs).  I don't have the power to stop
this technology if folks decide to field it.  I have only my own reason and
skills.

 - Carl


+------------------------------------------------------------------+
|Carl M. Ellison         cme@xxxxxxx      http://theworld.com/~cme |
|    PGP: 75C5 1814 C3E3 AAA7 3F31  47B9 73F1 7E3C 96E7 2B71       |
+---Officer, arrest that man. He's whistling a copyrighted song.---+ 

> -----Original Message-----
> From: Seth David Schoen [mailto:schoen@xxxxxxxx] On Behalf Of 
> Seth David Schoen
> Sent: Sunday, December 21, 2003 3:03 PM
> To: Carl Ellison
> Cc: 'Stefan Lucks'; cryptography@xxxxxxxxxxxx
> Subject: Re: Difference between TCPA-Hardware and a smart 
> card (was: example: secure computing kernel needed)

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@xxxxxxxxxxxx