"Tim Thornton" <[EMAIL PROTECTED]> writes: ... > No, this /is/ an implementation problem, and can be overcome with a > trusted hardware element on the platform. At that stage, the hoop > will be more than simply running some code.

Trusted element? Trusted by whom?

The so-called "trusted computing" platform is a double-edged sword - whilst it can be used by a user to implement a data store they personally trust[1], the situations where it is used by a remote party to trust the user are, from a user's perspective, not trustable.

The reason for this is it places an element of _their_ hardware under the control of a third party. This is actually an _untrustable_ hardware element from the perspective of the user. There have been somewhat less flattering descriptions of this.

Personally I'd prefer it if people stated by *whom* such hardware elements are to be trusted in these discussions. Personally I prefer to own hardware devices that do what I tell them to, when I tell them to, and how. Otherwise you're (probably inadvertently) continuing the false implication that such systems are more trustable by their _owners_ whereas in practice it depends on HOW such systems are controlled by software installed on them as to whether the system is more trustable by their owners (safe personal store) or by third parties.

[1] Since you can access the TCPA from userspace to store/retrieve keys to make encrypting your own file system under your control & passphrase. (There's a tutorial for this in a Linux World issue from about 3 or 4 years ago which is quite interesting)

(as an aside, given you can emulate a TCPA based system in software however even that doesn't really actually solve your implementation issue, since you just virtualise the entire platform including TCPA module - which would of course happen if you provide people with a sufficient incentive...)

Michael.
-- 
Michael Sparks, Senior Research Engineer, BBC Research, Future Media & Technology, [EMAIL PROTECTED], Kamaelia Project Lead, http://kamaelia.sf.net/

*** The above comment is purely personal, and I have no idea if the ***
*** opinion expressed is shared by my employer or not. ***