[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Part 1: Ownership and Contracts

From: Michal Suchanek
Subject: Re: Part 1: Ownership and Contracts
Date: Fri, 5 May 2006 15:26:57 -0700

On 5/4/06, Pierre THIERRY <address@hidden> wrote:
Scribit Marcus Brinkmann dies 04/05/2006 hora 15:34:
> I am not saying that they in fact, do have that control.  I am only
> saying that they are the ones that could have that control.  This
> makes them nominally, the one in control, even if they do not make use
> of that.  Even if they _can not_ make use of it, because they took
> precautions to make it impossible for them to exercise that control.
> The reason is that you have no guarantee that they in fact, took these
> precautions, and in fact, do not exercise that control.

I'm pretty sure your text about DRM is written with the strong
assumption that would use this control. At least that is how I've
understood your text.

But this control is a very very hypothetical one, and I'm not even sure
it is theoretically possible. There you do not take active defense, but
merely paranoid abusive defense, IMHO.

I do not think that this is very hypothetical. The manufacturer of the
TPM chips is in a position where their components cannot be verified
(because their function requires that) yet the chips are the central
part that guarantees the security and reliability of a DRM system (or
any system using the TPM chip).

A similar example of security model that relies on central authority
is SSL encryption. There are CAs (certificate authorities) who issue
certificates for SSL enabled web servers. Web browsers ship with CA
root certificates preinstalled so that they can check that a web
server has a 'properly' issued certificate. There are CA policies, CA
certifications, and whatnot.
Yet there is a bug [1] in Mozilla's bugzilla describing problems of
this system at great lengths (among some useless whining). One of the
comments also mentions that Verisign (one of the certified,
'trustworthy' CAs) issued Microsoft code signing certificate to a
Admittedly I have not verified this. But the comment is there for
quite some time and I am quite positive that somebody would have
corrected it if it was without merit.
Anyway, the point is that such a 'trusted' third party is in a
position where their procedures cannot be verified to be correct. You
can only tell that something went wrong after the fact. Perhaps it
could take quite some time to discover. And while a certificate can be
revoked, revoking TPM chips may be much harder.




reply via email to

[Prev in Thread] Current Thread [Next in Thread]