On 10/02/07, Michael Sparks wrote:

> On Friday 09 February 2007 18:26, Tim Thornton wrote:
>...
> > I can trust your computer not to reveal my secrets to you,
>
> Do you not see how this is a bad thing - how this can be abused?
>
> I buy a car. It does what I tell it (well it would if I drove). I buy
> a hammer it bangs what I want to bang. I buy a phone. It phones where
> I tell it. I buy a general purpose computer, it does what I tell it.
> Or should. I need to be able to trust *my* machines, if it doesn't do
> what I tell it, I can't trust it. I don't want *my* property keeping
> secrets from me.

Your machine will do what you tell it to. It's just that there are
secrets you can't access. That includes your secrets, you just get to
use the result of their manipulation. This is good, because *your*
property is keeping your secrets safe from rogue applications/viruses.

As well as the ability to store secrets, the TPM also has some other
abilities. It can "measure" the system as it boots, so you can be sure
that the operating system and application loaded are what you're
expecting. It also contains a monotonic counter - that's a counter that
will only increment. That allows protection against replay attacks,
where for example the system clock is rolled back to enable some demo
software to be used for longer than the trial period.

> If you do not trust me, but wish to deliver it by machine, then it is
> up to you to provide to me a machine *you* trust,  it is not up to me
> to provide *you* a machine that you trust. 

If you are willing to provide me with a machine that I can trust, then I
can deliver to you by machine. If you're not willing to provide that, we
can agree to not transact.

If the music industry are willing to deliver songs to you by machine,
isn't it for you to provide that machine if you want to take advantage
of that offer? Unfortunately, I had to buy my own CD player... ;)

> Also, it's a false "trust". Your "secret" is audio and video. That's
> not a secret at all.

In the DRM case, the secret is a rights object. That contains a
decryption key and information about what you're allowed to do (number
of plays, key validity). The plaintext audio/video is not nearly as
valuable.

> BTW, I'm not arguing the /technology/ is broken. After all, using the
> same technology you can make things like secure personal storage
> more secure and trustable by the user:
>    * http://www.linuxjournal.com/article/6633

Now we're on the same page... :)

Tim

-- 
IMPORTANT NOTICE: The contents of this email and any attachments are 
confidential and may also be privileged. If you are not the intended recipient, 
please notify the sender immediately and do not disclose the contents to any 
other person, use it for any purpose, or store or copy the information in any 
medium.  Thank you.



-
Sent via the backstage.bbc.co.uk discussion group.  To unsubscribe, please 
visit http://backstage.bbc.co.uk/archives/2005/01/mailing_list.html.  
Unofficial list archive: http://www.mail-archive.com/backstage@lists.bbc.co.uk/
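Added worked example, not part of the thread above and not any vendor's TPM code: a toy model of the two TPM mechanisms Tim describes (boot measurement into a PCR, and a monotonic counter used to defeat replay) applied to the rights-object case he mentions. The names `ToyTpm`, `issue_rights`, `play`, the boot-stage strings, the 16-byte content key and the hash-chain "sealing" scheme are all assumptions made for illustration; real TPMs use RSA/ECC key wrapping and a policy over selected PCRs, but the logic is the same: a sealed blob only opens if the PCR chain matches, and an old copy of a rights object is rejected because its embedded counter value is stale.

```python
import hashlib
import hmac
import json

ZERO_PCR = b"\x00" * 32  # PCR value at power-on (constructed toy model)


def pcr_extend(pcr, component):
    """A PCR is never written, only extended: PCR' = H(PCR || H(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def _keystream(key, n):
    """Simple hash-based keystream for the toy seal/unseal below (illustration only)."""
    out, i = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        i += 1
    return out[:n]


class ToyTpm:
    """Hypothetical TPM: a root secret that never leaves the chip, one PCR, one counter."""

    def __init__(self, root_secret):
        self._root = root_secret
        self.pcr = ZERO_PCR
        self._counter = 0  # monotonic: only ever increments

    def extend(self, component):
        self.pcr = pcr_extend(self.pcr, component)

    def counter_read(self):
        return self._counter

    def counter_increment(self):
        self._counter += 1
        return self._counter

    def _seal_key(self):
        # Key depends on the root secret AND the current PCR, so a different
        # boot chain derives a different key and cannot open the blob.
        return hmac.new(self._root, self.pcr, hashlib.sha256).digest()

    def seal(self, plaintext):
        key = self._seal_key()
        ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, len(plaintext))))
        tag = hmac.new(key, ct, hashlib.sha256).digest()
        return ct + tag

    def unseal(self, blob):
        ct, tag = blob[:-32], blob[-32:]
        key = self._seal_key()
        if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
            return None  # PCR differs from sealing time: tag fails, secret stays hidden
        return bytes(a ^ b for a, b in zip(ct, _keystream(key, len(ct))))


def issue_rights(tpm, content_key, plays):
    """Rights object = content key + usage limits, bound to the current counter value."""
    ro = {"key": content_key.hex(), "plays_left": plays, "counter": tpm.counter_read()}
    return tpm.seal(json.dumps(ro).encode())


def play(tpm, blob):
    """Consume one play. Returns (status, updated_blob)."""
    pt = tpm.unseal(blob)
    if pt is None:
        return "wrong-platform", blob          # measured boot does not match
    ro = json.loads(pt)
    if ro["counter"] != tpm.counter_read():
        return "replayed", blob                # stale copy of an older rights object
    if ro["plays_left"] <= 0:
        return "exhausted", blob
    ro["plays_left"] -= 1
    ro["counter"] = tpm.counter_increment()    # advance counter, rebind the new blob to it
    return "ok", tpm.seal(json.dumps(ro).encode())


def demo():
    root = b"factory-burned-root-secret"       # constructed value
    tpm = ToyTpm(root)
    for stage in (b"bootloader v1", b"kernel 2.6.20", b"player app 1.0"):
        tpm.extend(stage)                       # measured boot on the expected software
    blob = issue_rights(tpm, b"\x11" * 16, plays=2)
    saved = blob                                # attacker keeps a copy before playing
    s1, blob = play(tpm, blob)                  # "ok"
    s2, blob = play(tpm, blob)                  # "ok"
    s3, blob = play(tpm, blob)                  # "exhausted"
    s4, _ = play(tpm, saved)                    # "replayed": counter 0 vs chip counter 2
    rebooted = ToyTpm(root)                     # same chip, different boot chain
    rebooted._counter = tpm.counter_read()      # counter persists across reboots
    for stage in (b"bootloader v1", b"modified kernel", b"player app 1.0"):
        rebooted.extend(stage)
    s5, _ = play(rebooted, saved)               # "wrong-platform": PCR mismatch
    return [s1, s2, s3, s4, s5]


if __name__ == "__main__":
    print(demo())
```

Note that the rollback check works even though the rights object lives on ordinary disk: the attacker can copy it freely, but cannot make the chip's counter go backwards, and cannot forge a blob with a fresh counter because the sealing key never leaves the TPM.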