[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Part 1: Ownership and Contracts

From: Marcus Brinkmann
Subject: Re: Part 1: Ownership and Contracts
Date: Sat, 06 May 2006 11:50:21 +0200
User-agent: Wanderlust/2.14.0 (Africa) SEMI/1.14.6 (Maruoka) FLIM/1.14.7 (Sanjō) APEL/10.6 Emacs/21.4 (i486-pc-linux-gnu) MULE/5.0 (SAKAKI)

At Sat, 6 May 2006 09:35:32 +0200,
Pierre THIERRY <address@hidden> wrote:
> [1  <multipart/signed (7bit)>]
> [1.1  <text/plain; us-ascii (quoted-printable)>]
> Scribit Michal Suchanek dies 05/05/2006 hora 15:26:
> > > But this control is a very very hypothetical one, and I'm not even
> > > sure it is theoretically possible. There you do not take active
> > > defense, but merely paranoid abusive defense, IMHO.
> > I do not think that this is very hypothetical. The manufacturer of the
> > TPM chips is in a position where their components cannot be verified
> > (because their function requires that) yet the chips are the central
> > part that guarantees the security and reliability of a DRM system (or
> > any system using the TPM chip).
> It is not central in security nor in reliability! It provides only a
> certification mechanism, and has nothing to do with securing the system
> from outside. And it has absolutely nothing with the reliability of the
> system...
> So the chip, for what I know, is totally unable to give anyone control
> over the system. If there is the slightest chance of it, just advocate
> very strongly for the TC chip to be removable and replaceable.

Having the certification authority constitutes having control over the
whole DRM system.  This is exactly what it means.

Your objection really surprises me, because this is usually not
disputed.  I think the problem may be in a misunderstanding of the
word "control".  The word control here must be interpreted in the
following sense: If you had the root key that is stored hidden in the
"trusted computing component", what could you do that you could not do
without having that root key?  Once you think about it for a minute
you will find out that if you only had that root key, this knowledge
would immediately defeat the purpose of the "trusted computing"
component in its entirety.

> > And while a certificate can be revoked, revoking TPM chips may be much
> > harder.
> Which is a very strong flaw in it's design. It should be possible to
> change it, I think.
> And if you're not happy with it, maybe you could burn it.

This is the passive defense that, I think, in practice will not work.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]