On Sun, Feb 09, 2003 at 02:32:13PM -0800, Mike Rosing wrote:
> TPM != TCPA.  TCPA with *user* control is good.

The TPM is a mandatory part of the TCPA specifications.
There will be no TCPA without TPM.

And there will be no TCPA-enabled system with complete user control. 
Just look at the main specification:
 - users can neither access nor alter the Endorsement Key
 - the TPM can't be disabled completely. This allows operating systems
   that bind ("product activation" ?) themselves to a unique TPM and
   refuse to start if it's not fully activated.
 
If a system doesn't meet these requirements (as the IBM paper suggests)
it isn't a TCPA system.


> > Therefore for DRM purposes TCPA and Palladium are both socially bad
> > technologies.
> 
> It's bad only if the *user* does not have control over their own machines.
> If each enterprise can control their own machines, completely
> independently of all other external organizations, then TCPA could be
> really useful.  If only Bill Gates controls all machines, it's bad for the
> rest of us (but pretty damn good for Bill!!)

TCPA uses some interesting possibilities that may enhance system 
security. But with the current specifications, it likely destroys any 
privacy that's left on today's systems.


-- 
Michel Messerschmidt           [EMAIL PROTECTED]
antiVirusTestCenter, Computer Science, University of Hamburg
