Full Disclosure mailing list archives
Re: Trustworthy Computing Mini-Poll
From: Simon Richter <Simon.Richter () hogyros de>
Date: Fri, 20 Dec 2002 01:35:07 +0100
Hi Andrew, On Thu, Dec 19, 2002 at 09:06:58AM +0200, Andrew Thomas wrote:
form a lobby group and ask for the "owner + web of trust" solution. It is technically doable and in the line of liberalism, so I think it has a good chance of becoming law.
I might be missing something, but how does software/hardware limitation of personal control fall under the description of 'in the line of liberalism'?
I was talking about the "web of trust model", where the owner of the computer decides whom to trust as an introducer and whom to trust as a software vendor. So this doesn't in fact limit your personal control over what software runs on your computer, as you can always sign it yourself. Since a lot of users do not (want to) understand what a web of trust is, a number of "trust centers" will pop up, competing for software developers (=> reasonable price). The OSS people will simply use their own web of trust, and people wishing to install OSS software can also enter this web at the next signing party or compile and sign the software themselves. The only thing that is bad about being liberalist here is that M$ gets to decide whose keys they ship with Windows -- but as long as the user is able to install new keys and express trust into them, users will still vote with their feet (if M$'s pricing is unresonable, we tell people to install a certain key in the manual -- and that key will probably belong to a group of software developers). On the copy protection side, customers will have the choice between buying combo hardware (DVD drive, gfx card, sound card, special cable inbetween, all from the same vendor) and using a non-TCPA CPU or selecting hardware from different vendors and using a TCPA CPU. In fact I think the copy protection features in the TCPA hardware will be born dead, since a hardware-only scheme is much cheaper, and customers will be happy about the CPU time saved by decoding that MPEG stuff in hardware. I'm still wondering whether TCPA or the hardware schemes are in fact weaker -- TCPA can probably be cracked in software, but OTOH a lot of the hardware solutions will be security-by-obscurity or at least one of them may have a small flaw (a chosen-plaintext attack may be enough of a hole for a mod chip).
To answer your question, I would personally be quite happy for the technology to be developed, as long as it wasn't forced on me by law.
Would you buy/use it if you had the choice? I mean, there are a lot of advantages... :-) Simon -- GPG Fingerprint: 040E B5F7 84F1 4FBC CEAD ADC6 18A0 CC8D 5706 A4B4
Attachment:
_bin
Description:
Current thread:
- Trustworthy Computing Mini-Poll smcalearney (Dec 16)
- Re: Trustworthy Computing Mini-Poll Simon Richter (Dec 18)
- RE: Trustworthy Computing Mini-Poll Andrew Thomas (Dec 18)
- Re: Trustworthy Computing Mini-Poll Simon Richter (Dec 19)
- Re: Trustworthy Computing Mini-Poll yossarian (Dec 19)
- Re: Trustworthy Computing Mini-Poll Simon Richter (Dec 20)
- Re: Trustworthy Computing Mini-Poll Ron DuFresne (Dec 20)
- Re: Trustworthy Computing Mini-Poll Bruce Ediger (Dec 20)
- Re: Trustworthy Computing Mini-Poll Simon Richter (Dec 20)
- Re: Trustworthy Computing Mini-Poll yossarian (Dec 20)
- Re: Trustworthy Computing Mini-Poll Thomas Sjögren (Dec 21)
- Re: Trustworthy Computing Mini-Poll Georgi Guninski (Dec 22)
- Re: Trustworthy Computing Mini-Poll Simon Richter (Dec 22)
- Re: Trustworthy Computing Mini-Poll Peter van den Heuvel (Dec 22)
- RE: Trustworthy Computing Mini-Poll Andrew Thomas (Dec 18)
- Re: Trustworthy Computing Mini-Poll Simon Richter (Dec 18)