Adam Back says:
Providing almost no hardware defenses while going to extra-ordinary
efforts to provide top notch software defenses doesn't make sense if
the machine owner is a threat.
So maybe the Palladium folks really mean it when they say the purpose
of Palladium is not to enable DRM?
I doubt
On Tue, Oct 22, 2002 at 04:52:16PM +0100, Adam Back wrote:
So they disclaim in the talk announce that Palladium is not intended
to be secure against hardware attacks:
| Palladium is not designed to provide defenses against
| hardware-based attacks that originate from someone in control of
On Tue, 22 Oct 2002, Rick Wash wrote:
Hardware-based attacks cannot be redistributed. If I figure out how
to hack my system, I can post instructions on the web but it still
requires techinical competence on your end if you want to hack your
system too.
While this doesn't help a whole lot
At 4:52 PM +0100 10/22/02, Adam Back wrote:
Remote attestation does indeed require Palladium to be secure against
the local user.
However my point is while they seem to have done a good job of
providing software security for the remote attestation function, it
seems at this point that hardware
Software-based attacks are redistributable. Once I write a program
that hacks a computer, I can give that program to anyone to use. I
can even give it to everyone, and then anyone could use it. The
expertise necessary can be abstracted away into a program even my
mother could use.