On Mon, Jun 24, 2002 at 08:15:29AM -0400, R. A. Hettinga wrote: > Status: U > Date: Sun, 23 Jun 2002 12:53:42 -0700 > From: Paul Harrison <[EMAIL PROTECTED]> > Subject: Re: Ross's TCPA paper > To: "R. A. Hettinga" <[EMAIL PROTECTED]>
> The > important question is not whether trusted platforms are a good idea, but > who will own them. Purchasing a TCP without the keys to the TPM is like > buying property without doing a title search. Of course it is possible to > _rent_ property from a title holder, and in some cases this is desirable. > > I would think a TCP _with_ ownership of the TPM would be every paranoid > cypherpunk's wet dream. A box which would tell you if it had been tampered > with either in hardware or software? Great. Someone else's TCP is more > like a rental car: you want the rental company to be completely responsible > for the safety of the vehicle. This is the economic achilles heal of using > TCPA for DRM. Who is going to take financial responsibility for the proper > operation of the platform? It can work for a set top box, but it won't fly > for a general purpose computer. In general, I'm very fond of this sort of ownership analysis. If I have a TCPA box running my software, and thinking that its mine, how do I know there isn't one more layer? Leave it off, and my analysis is simpler. I suspect that verifying ownership of the TPM will be like verifying ownership of property in modern Russia: There may be a title that looks clean. But what does the mafia think? What about the security services? There may even be someone with a pre-Bolshevik title floating around. Or a forgery. Hard to tell. It's annoying to have one's transaction costs pushed up that high. I can get very high quality baseline software today. What I need for my cypherpunk wet dreams is ecash, and a nice anonymizing network. What I also need is that the general purpose computing environment stay free of control points, in Lessig sense. Adam