TPM I control: GOOD. TPM "they" control: BAD

wowbagger

Sat Nov 04 05:46:32 -0800 2006

manage

In and of itself, having a hardware device that does encryption, decryption, and cryptographic signing is wonderful. Personally, I'd like to be able to sign all executables on my system - put the sig into an extended attribute in the file system - and tell the kernel "If is isn't signed, it doesn't run.".

The operative words are I SIGN - as in "I determine what keys are valid." Not Apple. Not RedHat. Not Mozilla.org. Most certainly NOT MICROSOFT OR THE ??AA. I don't mind - in fact I want - the RPMs released by RedHat signed by RedHat, so that I can have a degree of trust that what I downloaded is what they released. But I, as sysadmin of my system, need to have final say as to what gets to run, what gets encrypted, what gets "rights managed".

So long as *I* get to set up the keys in the firmware boot loader, as long as *I* can sign my kernel and have it run - I say "Bring it!"

But yes, the big concern is that, once the hardware is ubiquitous, then one day a "critical update" comes along, and suddenly I cannot set up the keys. And I am sorry, but I trust neither Apple nor Microsoft to NOT do exactly that.

TPM I control: GOOD. TPM "they" control: BAD

Bhima

Sat Nov 04 07:32:30 -0800 2006

manage

This is exactly along my lines of thinking...

There isn't exactly a long list of technology companies I trust.  I certainly don't trust Apple despite the fact that I find their OS worth the tax of buying their hardware.  I think it's obvious that Microsoft sees their true customer as the content providers (or perhaps the IT department of a very, very large company) and not the end user.   I'm not sure trusting a motherboard manufacturer is particularly useful because as you pointed out you are a single "critical" update away from disaster.

I haven't given it that much thought but I fear that by making it removable (and getting it out of an outside vendor's control) you reduce the utility of the device somewhat.  Perhaps there is way to overcome this.  On the other hand how do you design a device that the implementing hardware manufacturer can not control and then how do you convince them to include a device that they can't control?  Honestly given the the pinout of the device it can't be that hard to incorporate into something else... say like a USB key or PCcard or something.  I've never looked at devices in this category, perhaps this is what they do.

On the plus side I find it somewhat enjoyable that a small chip, which I was suspicious of, that I actually own and do not use... actually can be used and used in a interesting way.  Unfortunately my daughter, who uses the Mac that contains it, does not share my enthusiasm.  Worse, my Mac is a PowerMac and thus lacks this chip.

Still, I do feel that I need to encrypt my data, particularly the intellectual property belonging to myself and to my day job; and nowhere do I feel it's more important to have strong encryption than when I am in transit to US.

As far as signed updates, as an intellectual exercise I think it is very interesting to think of a OS distribution which dispersed nearly entirely in a Person-to-Person manner.  In fact I think if someone could come up with such a design which met the security requirements of the OpenBSD crowd, it would be quite an interesting achievement.

TPM I control: GOOD. TPM "they" control: BAD

pyro9

Sun Nov 12 08:36:57 -0800 2006

manage

TPM itself, like most technology is ethically neutral. It can provide a greater degree of control and security to legitimate owners or it can prevent true ownership of a device. Which one depends on who holds the root key to the TPM.

None of this would be a problem if we had a strong legal principle that acknowledged the ethical understanding that he who controls a device is it's true owner. That control may be legal (the rental company has the right to demand it's return) or practical (if I say copy this, will it always do so no matter what someone else prefers).

Currently, the law doesn't understand that ownership and control are inseperable. That is, it doesn't accept the ethical principle that if I tell my DVD player to skip the commercial and it refuses as a result of programming, then I have been defrauded (I paid to own the device but the transfer of ownership was illusory). In particular, if the device is rigged to actively thwart my attempts to change it's behavior, I have been defrauded.

By extension to general consumers, if the law respected that ethical principle it would have no problem at all if I want to hire someone to make my Xbox ignore any authentication whatsoever. As the owner I have that right. By extension, the person I hire has the right to do it on my behalf. That modification may permit me to do other things using the device that are not my legal or ethical right to do, but that is a seperate issue.

The strongest legal principle of ownership would have it illegal for Microsoft to artificially limit the Xbox in the first place.

In that legal environment, I would have no problem with TPM or trusted computing itself so long as the law also made sure that it was still possible to buy a computer at close to the marginal cost of production. That as opposed to a scheme where all computers are only available as lifetime rentals. Noyte that I would still have ethical problems with DRM.

Unless or until the law gains respect for the ethical principles of ownership, perhaps we are better off if TPM doesn't exist. The benefit of greater security is not worth the risk of never actually owning a new computer again.

Taking a larger view for a moment, if the law in the U.S. fails to support a strong concept of individual ownership, we are NOT a capitalist country.