From: Christian Szegedy (szegedy@or.uni-bonn.de)
Date: Wed Apr 09 2003 - 06:30:45 MDT
> Just found out about the link below. This certainly hasn't been getting
> publicity over here.
>
> http://www.againsttcpa.com/tcpa-faq-en.html
>
> How serious is this?
>
I would say that the FAQ there is quite outdated
and far from being correct.
The biggest problems with that FAQ is that it
does not make any difference between TCPA (TPM)
and Microsoft NGSCB (Next Generation Secure
Computing Base, earlier: Palladium).
In factm, the TCPA is not capable of most things
described in the opponents FAQ. It is simply a
cryptography chip without any capabilities for
storing "revocation lists", checking codes etc.
There are interesting papers at
http://www.research.ibm.com/gsal/tcpa/
about tcpa.
On that other hand side the FAQ can be taken
seriously if you replace TCPA by Palladium
(or NGSCM). In fact all the capabilities described
in the fact will be integrated into the next
version of Windows including code checking,
reocation lists and alike.
However you can't say that TCPA is completely
harmless: TCPA (TPM) chips can be an a critical
component of M$-s NGSBC strategy, if they are
included in all peripherals including CD-players,
displays etc.
So, my analysis is : the TPM chip is harmless
if it is only included in the PC. It can be a
real problem in the peripherals in connection
with M$-s and Intels NGSCB initiative.
The problem with the current "against-tcpa-FAQ" is
that it is technically incorrect and therefore
unnecessarily disrupts the reputation of the
opponents of Palladium.
The biggest problem with Palladium(=NGSCB) is
that it will only allow "trusted" applications
to use some functionality of the box, where
"trusted" means that the binary(!) will run
only if it is signed by a certification
authority (most probably M$) for a good amount
of money. This could end the era of freewares and
open source softwares...:(
Best Regards, Christian
This archive was generated by hypermail 2.1.5 : Wed Apr 09 2003 - 06:43:20 MDT