Re: [backstage] DRM and hardware attitudes

2007-02-15 Thread John Wesley

TinyURL to save the copy-paste-linebreak fixing for the huge 4OD url

http://preview.tinyurl.com/ycud7p

On 15/02/07, Dave Crossland [EMAIL PROTECTED] wrote:


On 15/02/07, Richard P Edwards [EMAIL PROTECTED] wrote:
 Looks like the negative relationship can go even further :-)
 http://help.channel4.com/SRVS/CGI-BIN/WEBCGI.EXE/,/?
 St=19,E=0069424,K=4792,Sxi=17,CASE=1363

 Oh well, back to the torrents.

Or off to sweden! ;-)

http://svt.se/svt/road/Classic/shared/mediacenter/index.jsp?d=37591


--
Regards,
Dave
-
Sent via the backstage.bbc.co.uk discussion group.  To unsubscribe, please
visit http://backstage.bbc.co.uk/archives/2005/01/mailing_list.html.  Unofficial
list archive: http://www.mail-archive.com/backstage@lists.bbc.co.uk/



RE: [backstage] DRM and hardware attitudes

2007-02-13 Thread Andrew Bowden
 Imagine if your local library imposed DRM on the books it lent you,
 you'd only be able to read them in certain places with certain light
 sources. Why do you accept unreasonable restrictions (even paying for
 the privilege) on music that you'd never accept with the written
 word?

Well libraries have a separate system.  They lend you the books for free
for (say) a month, and once you break the terms and conditions of the
library (i.e. you don't return your book on time) they fine you.  A
library is not after all, a free for all.

And that's in a way what DRM is all about - upholding the terms and
conditions of your usage of the file.  Of course an alternative way
would be to automatically fine you every time you breached the terms
and conditions.




RE: [backstage] DRM and hardware attitudes

2007-02-13 Thread zen16083
Hello

http://news.bbc.co.uk/1/hi/technology/6353889.stm

 DRM software like Apple's Fairplay or Microsoft's Windows Media DRM
should properly be called digital restriction management, since its primary
goal is to limit what purchasers can do with downloaded content. (from
Bill Thompson)

Isn't the argument for DRM all but already lost? Why automatically regard
purchasers as suspect criminals ... seems like a very negative relationship
to have with your customers. A lot of the time record companies, for
instance, have already had so many bites of the cherry selling music on
vinyl, then the same music again on tape, CD and now as downloads. Don't
think the BBC should waste time and money DRMing content that it provides.
It doesn't DRM content on its TV and radio stations, so why should it
discriminate against people who access material online?


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Andrew Bowden
Sent: Tuesday, February 13, 2007 9:39 AM
To: backstage@lists.bbc.co.uk
Subject: RE: [backstage] DRM and hardware attitudes

 Imagine if your local library imposed DRM on the books it lent you,
 you'd only be able to read them in certain places with certain light
 sources. Why do you accept unreasonable restrictions (even paying for
 the privilege) on music that you'd never accept with the written
 word?

Well libraries have a separate system.  They lend you the books for free
for (say) a month, and once you break the terms and conditions of the
library (i.e. you don't return your book on time) they fine you.  A
library is not after all, a free for all.

And that's in a way what DRM is all about - upholding the terms and
conditions of your usage of the file.  Of course an alternative way
would be to automatically fine you every time you breached the terms
and conditions.




RE: [backstage] DRM and hardware attitudes

2007-02-11 Thread Tim Thornton
On 11/02/07, Michael Sparks wrote:
 On Saturday 10 February 2007 22:28, Tim Thornton wrote:
 
  Your machine will do what you tell it to. It's just that there are
  secrets you can't access.
 
 Regarding the point above, that's the issue here. Whilst you're happy with
 owning a computer that will keep secrets from you, I'm not.

 That's a minor detail though - kinda you say potato I say potato - we're
 unlikely to agree.

Much like attitudes to IP ownership, I suspect! :) 

 (We both agree they keep their secrets from the user,
 from your perspective I still retain control, from mine I don't.)

Unfortunately, for it to provide security to the level that it does,
those private keys must be unavailable outside the TPM. I do understand
where you're coming from, but you can think of it like any hardware
resource; it has certain properties. I can write to a CD-R, but I can't
erase that data (in software) once written. Or at a slightly different
level, my file system prevents me from modifying files I don't have
permission to access.

 Thanks for the references and explanation - I'll read up on the references,
 you never know when the positive uses of the technology will be handy.

A genuine pleasure to have helped. 

Cheers,
Tim

-- 
IMPORTANT NOTICE: The contents of this email and any attachments are 
confidential and may also be privileged. If you are not the intended recipient, 
please notify the sender immediately and do not disclose the contents to any 
other person, use it for any purpose, or store or copy the information in any 
medium.  Thank you.





Re: [backstage] DRM and hardware attitudes

2007-02-11 Thread Michael Sparks
On Saturday 10 February 2007 22:29, Tim Thornton wrote:
 [ lots of interesting material ]

Having read /some/ of this now, it might be useful to repeat it back to help
others in the thread understand the basic ideas, or to allow me to be
corrected if I've misunderstood :-). (The DRM use case will stay
controversial, but I suspect understanding what's going on is useful.)

In a trusted computing scenario, you don't actually own one computer, you own
two in a single box - it just looks like one. (well, given the amount of tech
inside a PC these days, it's more a minimum of two computers in the box, a GPU
can be called a computer as well)

 +-----+      +-------------------+
 | TPM |<---->|   Main computer   |
 |     |      | (running some OS) |
 +-----+      +-------------------+

The TPM by definition of being a computer has its own CPU, local storage,
and so on. Part of its design is that at manufacture it is given its own
private/public key pair.

At this stage, this is little different (conceptually) from 2 computers
connected over a network by an ssh link. The difference is that the
connection is significantly harder to snoop.

However, in the way it's used, it more resembles the way SSL works - ie https
for those unfamiliar. With SSL there's two modes:
   * Trusted & secure
   * Untrusted & secure

In both scenarios you have exchange of keys in order to set up a session key 
for allowing you to be happy with sending your credit card details over the 
network (among many other uses). This is what I mean by secure. However you 
can have a secure link directly to someone pretending to be your bank, so you 
don't know if the link is trusted.

Well, in SSL/TLS/HTTPS (take your pick, the principles are the same), you 
essentially get your public key signed by a trusted third party. These 
trusted third parties include Verisign, Thawte [1] etc.

   [1] Founded by Mark Shuttleworth, which is where he made his fortune,
   and is the reason Ubuntu exists today...

ie You can either run a SSL/TLS enabled webserver whose keys have been signed 
by one of these third parties, or not.

ie if you consider the two computers above by the following metaphor:
   * The TPM as an HTTPS website
   * The Main computer as a browser

Because the keys in the TPM have been signed by someone else, that browser can
check to see if the TPM is a real TPM or not.

Now the problem with this approach however is that it introduces potential
bottlenecks into the system. As a result, there is another step you can add
in. Given this basic chain - can you make it such that the main computer can 
verify the TPM without talking to the third party all the time?

Well, if you get the TPM to talk (via the main computer in this case hopefully
obviously) to another third party you can do this:

   * The TPM authenticates itself to this other third party

   * It generates a special key (DAA) which the third party then signs,
     giving the TPM a certificate. It can sign this using a private
     key and publish the public key. Let's call that public key PK.
     Applications can either download PK on demand or even compile it
     into their code. This includes open source apps because it's not
     a secret.

   * Any one application who wishes to authenticate any TPM then does
     this:
      * It essentially asks the TPM to sign something using this key
        (DAA), and also provides the certificate as signed by the third
        party. Since the PK is public, the application can verify
        that the thing just signed by the TPM is valid.

Again, whilst that may sound relatively esoteric, it's actually very much the 
same technique as using PGP or GPG for email. You have public/private keys. 
You get your public key signed by someone. The slight difference (I think) is 
that recipients can be given another public key to use to verify the sender.

As a result, this makes it clearly possible to create a rogue TPM (including 
virtualised ones) but people can tell the difference.

Probably the weakest link in the chain here is the DAA's public certificate,
but then that's why revocation gets built in as well. The other obvious weak
point is where the TPMs are originally endorsed, since to be useful it needs
to be networked, and software bugs are easier to find/exploit than cracking a
large address space.

To put this into context, your computer can do the equivalent of connecting at 
startup to a machine only you own, and only you have access to. This machine 
can be used to check the integrity of your system, and unlock secrets on the 
system. That machine cannot be accessed directly by others which gives you a 
level of confidence in this process.

Ignoring the DRM usecase or restricting your computer scenarios, having a 
secure location for helping check system integrity and protecting the 
contents of your harddrive, is useful.

Clearly the same technology can be used by an operating system that wishes to 
prevent you from (eg) 

Re: [backstage] DRM and hardware attitudes

2007-02-11 Thread Dave Crossland

On 11/02/07, Michael Sparks [EMAIL PROTECTED] wrote:


Ignoring the DRM usecase or restricting your computer scenarios, having a
secure location for helping check system integrity and protecting the
contents of your harddrive, is useful.


Sure.

When you lose the ability to sign things yourself, effectively losing
root access to the machine - like Tivo has done to the computers it
sells for several years now - then we have a serious, serious problem.

--
Regards,
Dave


Re: [backstage] DRM and hardware attitudes

2007-02-11 Thread Dave Crossland

On 11/02/07, Tim Thornton [EMAIL PROTECTED] wrote:



I've just reread one of RMS' musings on treacherous computing, and some
of what he describes is terrible. But that's not what is on offer!
 If it was designed to stop your computer
from functioning as a general-purpose computer why can I turn it off?


Go buy a Tivo and try turning it off :-)

--
Regards,
Dave


Re: [backstage] DRM and hardware attitudes

2007-02-11 Thread Dave Crossland

On 10/02/07, Tim Thornton [EMAIL PROTECTED] wrote:


Your machine will do what you tell it to. It's just that there are
secrets you can't access.


So if you tell it to access those secrets, and it won't, how is it
doing what you tell it to, again?

--
Regards,
Dave


Re: [backstage] DRM and hardware attitudes

2007-02-10 Thread Michael Sparks
On Friday 09 February 2007 18:26, Tim Thornton wrote:
...
 I can trust your computer not to reveal my secrets to you,

Do you not see how this is a bad thing - how this can be abused?

I buy a car. It does what I tell it (well it would if I drove). I buy
a hammer it bangs what I want to bang. I buy a phone. It phones where
I tell it. I buy a general purpose computer,  it does what I tell it.
Or should. I need to be able to trust *my* machines, if it doesn't do
what I tell it,  I can't trust it. I don't want *my* property keeping
secrets from me.

If you do not trust me, but wish to deliver it by machine, then it is
up to you to provide to me a machine *you* trust,  it is not up to me
to provide *you* a machine that you trust. 

Also, it's a false trust.  Your secret is audio and video.  That's
not a secret at all.

BTW, I'm not arguing the /technology/ is broken. After all, using the
same technology  you can make things like secure personal storage
more secure and trustable by the user:
   * http://www.linuxjournal.com/article/6633


Michael.
--
All the above are my opinions only.


RE: [backstage] DRM and hardware attitudes

2007-02-10 Thread Tim Thornton
On 09/02/07, Nic James Ferrier wrote:

 Tim Thornton [EMAIL PROTECTED] writes:

  I believe it to be orthogonal to DRM. In the trusted computing space,
  your secrets are secret, as are mine. I can trust your computer not to
  reveal my secrets to you, and you can trust that I can't get at
  yours.

 But I see this as a bad thing:

 If you leave your secrets on my computer I want to be able to read
 them. It's my computer. Not yours.

Ok. But in that case I won't send them to you. If you invite my secrets
to be on your machine, I want to know that they're secret.

 If you were a criminal who used my computer I want to know what you
 left on it.

I'm sure.

  But the computer isn't constrained. There's an environment within it
  that is. 

 I don't see the subtlety of this point at all. A computer with a so
 called trusted element *is* constrained. If the facility is there it
 will be used - it is surely nonsense to suggest that the trusted
 component is there but won't be used?

No, in the PC space it's only constrained if you want it to be. Most PCs
sold today have a TPM, which is rarely used (I've only met one person so
far who uses their TPM, and I work in the industry). You need to enable
it. You can use it to constrain your PC if you want (eg by enforcing a
secure boot process), but it is only the basis of trust on your
platform. If you don't want other people to use it, you don't need to
let them.

  You are right that the computer will need a root of trust
  which will be provided by a corporation, but when that corporation is
  founded on selling trust (think Verisign, Entrust, Thawte or whoever)
  the incentive to not abuse it is massive.

 Not a good example. All the SSL companies I know have had problems
 with their procedures and sometimes abused their positions.

I've not come across any such abuse, but ok. 

 Anyway, this is the root of the argument. Whether my PC is wholly mine
 or whether there should be a feature within it that allows you to come
 and put stuff on there that I can't tamper with (and I can do the same
 to your computer of course).

No - your PC /is/ wholly yours. There's a feature that allows you to
invite me to put stuff on I can't tamper with. But I can't randomly take
control of your computer.

 A whole bunch of us don't like this. We do understand it. But we don't
 like it.

A whole bunch of people don't like this because RMS and Ross Anderson
told them it was bad, but have no understanding of what the technology
actually is. I'm sure you do understand it, but let's have the debate so
that those who only hear the hype can make an informed decision.

 So Nya.

}:p 



RE: [backstage] DRM and hardware attitudes

2007-02-10 Thread Tim Thornton
On 09/02/07, vijay chopra wrote:

 There's not a single benefit that treacherous computing brings that cannot
 be solved another way, in your example you can hold secrets via any
 number of numerous encryption methods, my home PC has a whole encrypted
 partition for data security. Why do I need a so called trusted hardware
 element at all.

Your PC has an encrypted partition - so how do you access the data on
it? Somewhere you need a key that must be unencrypted. With a trusted
computing system, you generate your private/public key pair in the
secure element. The public key will be exposed, but the private key will
never leave the device.

 Oh, and where did you get the idea that DRM is a benefit 
 to the computer's owner? 

It's a benefit to me, in that I subscribe to an online music library for
less than I used to spend on CDs. I have more music, and more money - I
call that a benefit.



RE: [backstage] DRM and hardware attitudes

2007-02-10 Thread Tim Thornton
On 10/02/07, Michael Sparks wrote:

 On Friday 09 February 2007 18:26, Tim Thornton wrote:
...
  I can trust your computer not to reveal my secrets to you,

 Do you not see how this is a bad thing - how this can be abused?

 I buy a car. It does what I tell it (well it would if I drove). I buy
 a hammer it bangs what I want to bang. I buy a phone. It phones where
 I tell it. I buy a general purpose computer,  it does what I tell it.
 Or should. I need to be able to trust *my* machines, if it doesn't do
 what I tell it,  I can't trust it. I don't want *my* property keeping
 secrets from me.

Your machine will do what you tell it to. It's just that there are
secrets you can't access. That includes your secrets, you just get to
use the result of their manipulation. This is good, because *your*
property is keeping your secrets safe from rogue applications/viruses.

As well as the ability to store secrets, the TPM also has some other
abilities. It can measure the system as it boots, so you can be sure
that the operating system and application loaded are what you're
expecting. It also contains a monotonic counter - that's a counter that
will only increment. That allows protection against replay attacks,
where for example the system clock is rolled back to enable some demo
software to be used for longer than the trial period.

 If you do not trust me, but wish to deliver it by machine, then it is
 up to you to provide to me a machine *you* trust,  it is not up to me
 to provide *you* a machine that you trust. 

If you are willing to provide me with a machine that I can trust, then I
can deliver to you by machine. If you're not willing to provide that, we
can agree to not transact.

If the music industry are willing to deliver songs to you by machine,
isn't it for you to provide that machine if you want to take advantage
of that offer? Unfortunately, I had to buy my own CD player... ;)

 Also, it's a false trust.  Your secret is audio and video.  That's
 not a secret at all. 

In the DRM case, the secret is a rights object. That contains a
decryption key and information about what you're allowed to do (number
of plays, key validity). The plaintext audio/video is not nearly as
valuable.

 BTW, I'm not arguing the /technology/ is broken. After all, using the
 same technology  you can make things like secure personal storage
 more secure and trustable by the user:
* http://www.linuxjournal.com/article/6633

Now we're on the same page... :)

Tim

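The measured boot, key storage and monotonic counter described in the message above, as an added example that is not part of the original thread: a constructed Python model showing how a TPM 1.2 style PCR extend changes when any boot stage changes, how a sealed key is released only for the expected measurement, and why a counter resists a rolled-back clock. `ToyTPM`, the boot chain strings, the `disk-key` name and the trial figures are all hypothetical.

```python
import hashlib
import hmac

PCR_SIZE = 20  # TPM 1.2 PCRs hold one SHA-1 digest


class ToyTPM:
    """Constructed software model; a real TPM keeps this state in isolated hardware."""

    def __init__(self):
        self._pcr = bytes(PCR_SIZE)  # reset value: all zeros
        self._counter = 0            # monotonic: no decrement or set operation exists
        self._sealed = {}            # name -> (required PCR value, secret)

    def reboot(self):
        """Power cycle: the PCR resets, the counter and sealed data persist."""
        self._pcr = bytes(PCR_SIZE)

    def read_pcr(self) -> bytes:
        return self._pcr

    def extend(self, component: bytes) -> bytes:
        """PCR_new = SHA1(PCR_old || SHA1(component)). There is no 'set PCR'."""
        measurement = hashlib.sha1(component).digest()
        self._pcr = hashlib.sha1(self._pcr + measurement).digest()
        return self._pcr

    def seal(self, name: str, secret: bytes, required_pcr: bytes) -> None:
        """Bind a secret to one platform state."""
        self._sealed[name] = (required_pcr, secret)

    def unseal(self, name: str) -> bytes:
        required_pcr, secret = self._sealed[name]
        if not hmac.compare_digest(required_pcr, self._pcr):
            raise PermissionError("platform state differs from the sealed state")
        return secret

    def increment_counter(self) -> int:
        self._counter += 1
        return self._counter


def measured_boot(tpm: ToyTPM, boot_chain) -> bytes:
    """Reboot, then measure each stage in load order before handing over to it."""
    tpm.reboot()
    for stage in boot_chain:
        tpm.extend(stage)
    return tpm.read_pcr()


def try_unlock_disk(tpm: ToyTPM, boot_chain):
    """Return the sealed disk key, or None if the boot chain was not the expected one."""
    measured_boot(tpm, boot_chain)
    try:
        return tpm.unseal("disk-key")
    except PermissionError:
        return None


def clock_trial_valid(installed_at: int, now: int, trial_seconds: int) -> bool:
    """Clock-based trial check: trusts whatever the system clock reports."""
    return 0 <= now - installed_at < trial_seconds


def counter_trial_valid(tpm: ToyTPM, count_at_install: int, max_launches: int) -> bool:
    """Counter-based trial check: every launch consumes one increment for good."""
    return tpm.increment_counter() - count_at_install <= max_launches


# Constructed sample boot chains (stand-ins for the real binaries' bytes).
GOOD_CHAIN = [b"bootloader v1", b"kernel 2.6.20", b"init"]
TAMPERED_CHAIN = [b"bootloader v1", b"kernel 2.6.20 + rootkit", b"init"]


def demo() -> dict:
    tpm = ToyTPM()
    good_pcr = measured_boot(tpm, GOOD_CHAIN)
    tpm.seal("disk-key", b"constructed-disk-key", good_pcr)

    day = 86400
    trial_tpm = ToyTPM()
    start = trial_tpm.increment_counter()
    return {
        "good_boot_unlocks": try_unlock_disk(tpm, GOOD_CHAIN) is not None,
        "tampered_boot_unlocks": try_unlock_disk(tpm, TAMPERED_CHAIN) is not None,
        # Real date is day 40 of a 30-day trial, but the clock was set back to day 1.
        "clock_check_after_rollback": clock_trial_valid(0, 1 * day, 30 * day),
        # Five launches against a three-launch allowance.
        "counter_check": [counter_trial_valid(trial_tpm, start, 3) for _ in range(5)],
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```
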


RE: [backstage] DRM and hardware attitudes

2007-02-10 Thread Tim Thornton
On 10/02/07, Michael Sparks wrote:

  The TPM was designed with this in mind, and each TPM has its own keys.
  Because they're internal to the TPM and can't be extracted by software,
  you can have confidence in the TPM's authenticity.

 This is wy off topic, but how does a remote third party that wants to
 trust your system tell the difference between (for example):

 * A remote system that's just been bought that's using the TPM to securely
   store keys for a secure store/streaming system

 * A remote system that is running a virtual machine that looks to the
   operating system sitting inside that virtual machine as if it has a TPM
   module, and that remote machine looks like it's just been installed, and
   the virtualised OS is otherwise installed identically.

It's all about the keys installed at manufacture. Obviously, the TPM is
just a computer itself (usually an 8 bit micro, but a computer
nonetheless) and could be emulated in software. The security comes from
the isolation of the TPM and the main computer - there is memory in the
TPM that cannot be accessed from the big bad outside world. By placing a
key in the device during manufacture (known as the Endorsement Key -
Google Pt 1), there is an identification that cannot be spoofed by a
rogue TPM. The public part of the Endorsement Key is signed by a
certificate authority as belonging to a particular TPM.

Now, an Attestation Identity Key is generated by the TPM for use by an
application that wants to check the validity of the TPM. That's a
private/public key pair that is signed by the private Endorsement Key.
That new key can be sent to the certificate authority, who can check the
Endorsement Key's signature - and also if that Endorsement Key has been
revoked. If all's ok, the certificate authority signs the Attestation
Identity Key, so the application (who also trusts the CA) knows the TPM
is ok.

There is also a more advanced method for validating the authenticity of
a TPM without the need for trusted third party involvement, called
Direct Anonymous Attestation. 

This presentation gives an overview of DAA:
http://www.zurich.ibm.com/security/daa/daa-slides-ZISC.pdf

Slightly more in depth presentation:
https://www.trustedcomputinggroup.org/news/presentations/051012_DAA-slides.pdf

This paper describes in detail with proofs. Exercise for the reader!
http://www.hpl.hp.com/techreports/2004/HPL-2004-93.pdf

 For all intents and purposes the remote third party (eg a person wanting
 to trust) should get the same responses from the secure system, and the
 supposedly secure system.

If the virtualised TPM has the correct EK, you'd be right.

 I don't work with these things, but having read the linux journal
 article[1] sometime back, and knowing how virtualisation works, and the
 fact that any hardware system can be emulated I can't see how a remote
 third party can truly tell the difference.

  [1] For anyone else, if they haven't read this, it's worth reading since
  you'll see that TCPA/TPM is a double edged sword that has many real
  uses beyond things like DRM. (Once I read it, it struck me that its
  primary use is for helping lock down a military laptop in the event
  of it being compromised/stolen in an even more secure fashion than
  people who are used to using an encrypted loopback device are used to)

Thanks for mentioning that. Honestly, DRM != TPM. Although it's intended
for day-to-day use in locking down enterprise PCs more than the
military. For example, Vista's Bitlocker will take advantage of a TPM to
store the drive encryption key (that's the only use that Vista puts the
TPM to, as far as I'm aware)

The TCG is not oblivious to the bad press it has received from certain
in the community. Design decisions are made around principles that seem
fine to me. For example, from:
https://www.trustedcomputinggroup.org/specs/bestpractices/Best_Practices_Principles_Document_V2_0.pdf

Each owner should have effective choice and control over the use and
operation of the TCG-enabled capabilities that belong to them; their
participation must be opt-in. Subsequently any user can reliably disable the
TCG functionality in a way that does not violate the owner's policy.

Note the dichotomy between user and owner - I'm using my company's
laptop right now, and it's their right to lock it down. But if I were
using my desktop, that decision would be mine to make.

 Based on your comments, I'm guessing that the TPMs themselves have default
 hardware keys as well as being able to generate keys and those default
 keys can in fact be authenticated rather than just being able to
 generated? What's to stop someone opening up the hardware to find out what
 that is? Obviously that's outside the realms of your average developer,
 but it's not outside the capabilities of a commercial company.

That's right (as explained above). I've mentioned before that security
isn't binary, and you only spend as much on security as is economically

Re: [backstage] DRM and hardware attitudes

2007-02-10 Thread vijay chopra



 Oh, and where did you get the idea that DRM is a benefit
 to the computer's owner?

It's a benefit to me, in that I subscribe to an online music library for
less than I used to spend on CDs. I have more music, and more money - I
call that a benefit.



That requires neither treacherous computing, nor DRM.
http://www.allofmp3.com/ gives me that facility cheaper and with more
freedom to do as I like with tracks that I buy. Imagine if your local library
imposed DRM on the books it lent you, you'd only be able to read them in
certain places with certain light sources. Why do you accept unreasonable
restrictions (even paying for the privilege) on music that you'd never
accept with the written word?


Re: [backstage] DRM and hardware attitudes

2007-02-10 Thread Nic James Ferrier
Tim Thornton [EMAIL PROTECTED] writes:

 No, in the PC space it's only constrained if you want it to be. Most PCs
 sold today have a TPM, which is rarely used (I've only met one person so
 far who uses their TPM, and I work in the industry). You need to enable
 it. You can use it to constrain your PC if you want (eg by enforcing a
 secure boot process), but it is only the basis of trust on your
 platform. If you don't want other people to use it, you don't need to
 let them.

Ok. So let's get rid of it entirely then.

You work in the industry and you've only met one person who uses
it. So why are firms still putting it in their products? Surely a
motherboard would be cheaper without it?


 No - your PC /is/ wholly yours. There's a feature that allows you to
 invite me to put stuff on I can't tamper with. But I can't randomly take
 control of your computer.

I never said you could. But you are being disingenuous. There is a
feature that allows me to let you put stuff on my computer that I
can't tamper with, let alone you.


 A whole bunch of people don't like this because RMS and Ross Anderson
 told them it was bad, but have no understanding of what the technology
 actually is. I'm sure you do understand it, but let's have the debate so
 that those who only hear the hype can make an informed decision.

This seems to be the people are stupid argument. I don't believe
that. I understand this technology and I believe it threatens my
freedom. I'm fairly sure that everyone I have heard describing their
fears about such a module also understood it.


 }:p 

Have you got funny hair or something?

-- 
Nic Ferrier
http://www.tapsellferrier.co.uk   for all your tapsell ferrier needs


Re: [backstage] DRM and hardware attitudes

2007-02-10 Thread Michael Sparks
On Saturday 10 February 2007 22:28, Tim Thornton wrote:
...

Regarding the other longer mail, many thanks for that - I'll read up on the 
references. I'd made some assumptions about the system, but hadn't realised 
that there were some keys I was unaware of in the TPM and the fact that
there is a signing authority involved as well (I know of someone who may be 
interested in this you see). Given that I can see how difficult it would be 
to fake the necessary environment. (People would just resort to re-encoding 
after it hits the analogue domain then and ignore the whole thing)

 Your machine will do what you tell it to. It's just that there are
 secrets you can't access.

Regarding the point above, that's the issue here. Whilst you're happy with
owning a computer that will keep secrets from you, I'm not. 

That's a minor detail though - kinda you say potato I say potato - we're
unlikely to agree. (We both agree they keep their secrets from the user,
from your perspective I still retain control, from mine I don't.)

After all, I'm happy with the idea that I can use it for all the obvious 
examples of it protecting my secrets though. A company storing its accounts 
information including my credit card details on a TCPA based system would be 
preferable to one that didn't. (After all companies are subject to 
burglaries, thefts, and losses of various kinds)

Thanks for the references and explanation - I'll read up on the references, 
you never know when the positive uses of the technology will be handy.

Regards,


Michael.


RE: [backstage] DRM and hwardware attitudes

2007-02-10 Thread Tim Thornton
On 10/02/07, Nic James Ferrier wrote:

 You work in the industry and you've only met one person who uses
 it. So why are firms still putting it in their products? Surely a
 motherboard would be cheaper without it?

Of course it's cheaper not to install a TPM, but it's chicken and egg -
to take advantage of its facilities, an enterprise needs a large
proportion of its PCs to be enabled.

  No - your PC /is/ wholly yours. There's a feature that allows you to
  invite me to put stuff on I can't tamper with. But I can't randomly take
  control of your computer.

 I never said you could. But you are being disingenuous. There is a
 feature that allows me to let you put stuff on my computer that I
 can't tamper with, let alone you.

No, I'm really not being disingenuous. We both agree the feature is
under your control. If you don't want to use it, you don't have to. Your
PC is wholly yours.

  A whole bunch of people don't like this because RMS and Ross Anderson
  told them it was bad, but have no understanding of what the technology
  actually is. I'm sure you do understand it, but let's have the debate so
  that those who only hear the hype can make an informed decision.

 This seems to be the people are stupid argument. I don't believe
 that. I understand this technology and I believe it threatens my
 freedom. I'm fairly sure that everyone I have heard describing their
 fears about such a module also understood it.

How is this, people are stupid? What I said was that some people are
not informed. (Hey, we're back on topic - Educating, Informing and
Entertaining, all in one thread!) Look at Vijay's assertion regarding
his encrypted partition, and how that obviated the need for a trusted
element - when the protection of encrypted partitions is one of the
primary use cases for TPMs.

I've just reread one of RMS' musings on treacherous computing, and some
of what he describes is terrible. But that's not what is on offer!

From RMS at http://www.gnu.org/philosophy/can-you-trust.html:
In the past, these were isolated incidents. Trusted computing would
make it pervasive. Treacherous computing is a more appropriate name,
because the plan is designed to make sure your computer will
systematically disobey you. In fact, it is designed to stop your
computer from functioning as a general-purpose computer. Every operation
may require explicit permission.

Which is absolute balderdash. If it was designed to stop your computer
from functioning as a general-purpose computer why can I turn it off?

  }:p 

 Have you got funny hair or something?

No, I had my hands to my head and was waving my fingers. :) Nya.



RE: [backstage] DRM and hwardware attitudes

2007-02-09 Thread Tim Thornton
On 08/02/07, Nic James Ferrier wrote:
 Tim Thornton [EMAIL PROTECTED] writes:

  No, this /is/ an implementation problem, and can be overcome with a
  trusted hardware element on the platform. At that stage, the hoop
  will be more than simply running some code.

 Do you work for ARM? 

I do, but I'm posting as an individual.

 If so maybe you have a different perspective on
 these things but I think we all agree on the logic:

DRM requires constrained computer hardware

No, strong DRM requires a hardware element to be constrained.

 the difference between you and Dave (and me! and Stallman!) is that
 you are not worried about having a constrained computer.

I welcome it. Having a region of my computer that is independent of the
regular computer gives me confidence that I can hold secrets on my PC.
The whole purpose of trusted computing in its widest sense is to provide
an environment where anyone can have trust. There are many uses for it,
often directly beneficial to the owner, and DRM is only one. In fact,
it's not the strongest use case in my opinion.

 I don't want a constrained computer because I don't trust the computer
 maker to be open and above board about the precise way the computer is
 constrained.

What do you feel may be hidden?

 And there's the rub. They won't trust us. So we won't trust them.

The rub is that they/I don't trust large codebases to be bug free, so if
you have secrets (do you have a PGP key?) you need somewhere protected
to keep and manipulate them.

Are we off-topic yet? ;)

Tim



Re: [backstage] DRM and hwardware attitudes

2007-02-09 Thread Nic James Ferrier
Tim Thornton [EMAIL PROTECTED] writes:

 Nic said:
 I don't want a constrained computer because I don't trust the computer
 maker to be open and above board about the precise way the computer is
 constrained.

 What do you feel may be hidden?

What do you feel a company might not hide?

I think the attitude that led to the Sony fiasco last year is all too
prevalent. It's not particularly evil, it's quick fix that leads
people to do stupid things. If I don't control my computer then I
don't control those things.

It's a philosophical issue I grant you. But it's an important one I
think and the crux of the DRM issue.


 The rub is that they/I don't trust large codebases to be bug free, so if
 you have secrets (do you have a PGP key?) you need somewhere protected
 to keep and manipulate them.

So you don't trust code bases to be bug free so you have to trust a
corporation to not abuse your trust in a constrained computer?


 Are we off-topic yet? ;)

Oh yes. Do you think anyone's noticed?

-- 
Nic Ferrier
http://www.tapsellferrier.co.uk   for all your tapsell ferrier needs


Re: [backstage] DRM and hwardware attitudes

2007-02-09 Thread vijay chopra

I welcome it. Having a region of my computer that is independent of the
regular computer gives me confidence that I can hold secrets on my PC.
The whole purpose of trusted computing in its widest sense is to provide
an environment where anyone can have trust. There are many uses for it,
often directly beneficial to the owner, and DRM is only one. In fact,
it's not the strongest use case in my opinion.



There's not a single benefit that treacherous computing brings that cannot
be solved another way, in your example you can hold secrets via any number
of numerous encryption methods, my home PC has a whole encrypted partition
for data security. Why do I need a so-called trusted hardware element at
all? Oh, and where did you get the idea that DRM is a benefit to the
computer's owner?

Vijay


Re: [backstage] DRM and hwardware attitudes

2007-02-09 Thread James Cridland

On 2/9/07, vijay chopra [EMAIL PROTECTED] wrote:



Where did you get the idea that DRM is a benefit to the computer's owner?



If content-owners* require DRM to be able to release content for use on your
computer (currently the case in the BBC iPlayer, and/or Channel 4's
on-demand player, and/or XFM's MiXFM personalised radio service), then the
additional content you are able to access is a benefit you would not get
were your computer unable to deal with DRM.

You are, of course, free not to use such services; and if enough people
don't and tell the industry why, then the industry will be forced to listen.

* content owners in this case is not the BBC, but musicians, actors,
scriptwriters, production companies, and others who have a vested interest
in Content Restriction And Protection.

--
http://james.cridland.net/