[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Part 1: Ownership and Contracts

From: Michal Suchanek
Subject: Re: Part 1: Ownership and Contracts
Date: Sat, 6 May 2006 06:52:13 -0700

On 5/6/06, Pierre THIERRY <address@hidden> wrote:
Scribit Michal Suchanek dies 05/05/2006 hora 15:26:
> > But this control is a very very hypothetical one, and I'm not even
> > sure it is theoretically possible. There you do not take active
> > defense, but merely paranoid abusive defense, IMHO.
> I do not think that this is very hypothetical. The manufacturer of the
> TPM chips is in a position where their components cannot be verified
> (because their function requires that) yet the chips are the central
> part that guarantees the security and reliability of a DRM system (or
> any system using the TPM chip).

It is not central in security nor in reliability! It provides only a
certification mechanism, and has nothing to do with securing the system
from outside. And it has absolutely nothing with the reliability of the

Ehm, the chip has two functions
-secure key storage
-OS attestation

If you rely on either of these it is central to security and
reliablity. If you do not, the chip is useless as it does not provide
any other function.

Both of these function assume some property of the chip that cannot be
verified. For key storage it is durability non-disclosure of the keys
(in fact, there is even no attempt to guarantee durability of the
keys). For attestation it is non-forgeability of the signature. Both
is solely in the hands of the designer and producer of the chips.

So the chip, for what I know, is totally unable to give anyone control
over the system. If there is the slightest chance of it, just advocate
very strongly for the TC chip to be removable and replaceable.

> And while a certificate can be revoked, revoking TPM chips may be much
> harder.

Which is a very strong flaw in it's design. It should be possible to
change it, I think.

And if you're not happy with it, maybe you could burn it.

If you use a free OS and a piece of hardware that is not completely
horrible you should be able to just ignore it.



reply via email to

[Prev in Thread] Current Thread [Next in Thread]