On 09/02/07, Nic James Ferrier wrote:
> "Tim Thornton" <[EMAIL PROTECTED]> writes:
>
> > I believe it to be orthogonal to DRM. In the trusted computing space,
> > your secrets are secret, as are mine. I can trust your computer not to
> > reveal my secrets to you, and you can trust that I can't get at
> > yours.
>
> But I see this as a bad thing:
>
> If you leave your secrets on my computer I want to be able to read
> them. It's my computer. Not yours.

Ok. But in that case I won't send them to you. If you invite my secrets to be on your machine, I want to know that they're secret.

> If you were a criminal who used my computer I want to know what you
> left on it.

I'm sure.

> > But the computer isn't constrained. There's an environment within it
> > that is.
>
> I don't see the subtlety of this point at all. A computer with a so
> called trusted element *is* constrained. If the facility is there it
> will be used - it is surely nonsense to suggest that the trusted
> component is there but won't be used?

No, in the PC space it's only constrained if you want it to be. Most PCs sold today have a TPM, which is rarely used (I've only met one person so far who uses their TPM, and I work in the industry). You need to enable it. You can use it to constrain your PC if you want (e.g. by enforcing a secure boot process), but it is only the basis of trust on your platform. If you don't want other people to use it, you don't need to let them.

> > You are right that the computer will need a "root of trust"
> > which will be provided by a corporation, but when that corporation is
> > founded on selling trust (think Verisign, Entrust, Thawte or whoever)
> > the incentive to not abuse it is massive.
>
> Not a good example. All the SSL companies I know have had problems
> with their procedures and sometimes abused their positions.

I've not come across any such abuse, but ok.

> Anyway, this is the root of the argument. Whether my PC is wholly mine
> or whether there should be a feature within it that allows you to come
> and put stuff on there that I can't tamper with (and I can do the same
> to your computer of course).

No - your PC /is/ wholly yours. There's a feature that allows you to invite me to put stuff on I can't tamper with. But I can't randomly take control of your computer.

> A whole bunch of us don't like this. We do understand it. But we don't
> like it.

A whole bunch of people don't like this because RMS and Ross Anderson told them it was bad, but have no understanding of what the technology actually is. I'm sure you do understand it, but let's have the debate so that those who only hear the hype can make an informed decision.

> So Nya. }:p