I spent considerable time a couple years ago on these lists arguing that people should have the right to use this technology if they want. I also believe that it has potential good uses. But let's be accurate.
> Please stop relaying FUD. You have full control over your PC, even if this > one is equiped with a TCPA chip. See the TCPA chip as a hardware security > module integrated into your PC. An API exists to use it, and one if the > functions of this API is 'take ownership', which has the effect of > erasing it and regenerating new internal keys. It is not true that the TPM_TakeOwnership command erases and regenerates the internal keys. It does generate a new Storage Root Key, which is used for encrypting local data. But the main controversy around TC is the Remote Attestation feature. That uses a key called the Endorsement Key, EK. It is an RSA public key generated on chip at manufacture time, before it comes into the user's hands. The manufacturer issues a certificate on the public part of the EK, called the PUBEK. This key is then used (in a somewhat roundabout manner) to issue signed statements which attest to the software state of the machine. These attestations are what allow a remote server to know if you are running a client software configuration which the server finds acceptable, allowing the server to refuse service to you if it doesn't like what you're running. And this is the foundation for DRM. The point is that the user can't change the PUBEK. Only one is generated per chip, and that is the only one which gets a certificate from the manufacturer. The private part of this key never leaves the chip and no one, not the user and not the manufacturer, ever learns the private key. Now, my personal perspective on this is that this is no real threat. It allows people who choose to use the capability to issue reasonably credible and convincing statements about their software configuration. Basically it allows people to tell the truth about their software in a convincing way. Anyone who is threatened by the ability of other people to tell the truth should take a hard look at his own ethical standards. Honesty is no threat to the world! The only people endangered by this capability are those who want to be able to lie. They want to agree to contracts and user agreements that, for example, require them to observe DRM restrictions and copyright laws, but then they want the power to go back on their word, to dishonor their commitment, and to lie about their promises. An honest man is not affected by Trusted Computing; it would not change his behavior in any way, because he would be as bound by his word as by the TC software restrictions. But I guess Cypherpunks are rogues, theives and liars, if my earlier interactions with them are any guide. It's an ironic and unfortunate turn for an organization originally devoted to empowering end users to use new cryptographic technologies in favor of what was once called crypto anarchy. TC is the ultimate manifestation of anarchic behavior, a technology which is purely voluntary and threatens no one, which allows people to make new kinds of contracts and commitments that no one else should have the right to oppose. And yet Cypherpunks are now arch collectivists, fighting the right of private individuals and companies to make their own choices about what technologies to use. How the worm has turned. Another poster writes: > Please stop relaying pro-DRM pabulum. The only reason for Nagscab is > restricting the user's rights to his own files. > Of course there are other reasons for having crypto compartments in your > machine, but the reason Dell/IBM is rolling them out is not that. A sad illustration of the paranoia and blinkered groupthink so prevalant on this mailing list today. Imagine, Dell is providing this chip as part of a vast conspiracy to restrict the user's rights to his own files. Anyone whose grasp on reality is so poor as to believe this deserves what he gets. The truth is, frankly, that Dell is providing this chip on their laptops simply because laptop owners like the idea of having a security chip, most other laptop companies offer them, and the TCG is the main player in this space. Dell is neither seeking to advance my liberatarian goals nor promoting the conspiracy-theorist vision of taking away people's control over their computers. The truth is far more mundane.
