[linux-elitists] LOCAL Mountain View, California, USA: events this week

Seth David Schoen schoen@loyalty.org
Sun Oct 12 23:44:16 PDT 2003


Don Marti writes:

> Wednesday night:
> Seth Schoen fixes TCPA, saves Freedom:
> http://www.sdforum.org/p/calEvent.asp?CID=1182

Sorry that didn't happen.  And I still haven't fixed TCPA.

Intel has posted its Policy Statement on LaGrande Technology:

ftp://download.intel.com/technology/security/downloads/LT_policy_statement_0_8.pdf

LaGrande is in the interstices between TCG and NGSCB.  TCG has not
specified a secure I/O path or "curtained memory" as required by
NGSCB.  LaGrande does, so it effectively provides the complete
hardware support NGSCB would need.  (AMD has a similar project called
SEM, which I know very little about other than that it is supposed to
do similar things and at least one of the people working on it is
exceptionally honest.)

Anyway, Intel wants your comments on the LT policy.  The thing that
jumps out at me (as the author of "Trusted Computing: Promise and
Risk") is that Intel thinks that opt-out or opt-in can solve the
problems of attestation.  This is the official view of a lot of
trusted computing proponents.  The defects of this view are difficult
to describe and are complicated by the fact that some trusted
computing critics don't believe that LT (or TCG or NGSCB) will
actually provide an opt-out.  (I do believe this.)

The root of the difficulty is that, in the nature of attestation, you
can be _punished_ for opting out (beyond the scope of simply not
enjoying particular features to which what you opted out of is
technically necessary).  For example, if you have a feature with
privacy implications like What's Related in browsers, you can opt of
using What's Related and the only penalty will be that you won't see
what's related to the sites you're looking at.  Or if you don't like
Microsoft's software updates, you can opt out of those and the only
penalty will be that your software won't be patched.  (This is
actually a somewhat thorny issue since no other sources of patches to
Microsoft software have so far arisen.)

But in most other cases with which we're familiar, opting out has a
relatively narrow effect, and there is fairly little leverage to
punish you for having done so.  At least, that's true of opt-out
features in the context of technology choices; it might not be true in
some off-line situations.

In the nature of attestation and its effect on interoperability,
though, opting out of attestation might be ruinous for your hopes of
communicating with others.  If they can be induced to use proprietary
protocols or file formats, opting out may lead to a permanent
inability to exchange data with them.  Opting in, by the same token,
could lead to a permanent loss of software choice (and the effective
inability to reverse engineer or repair your software) at least during
the particular periods of time when you want to communicate with other
people or manipulate what they sent you.

Opt-in can't undo the harmful network effects attestation will produce
for competition and for all computer owners.

Anyway, that's what I plan to tell Intel, in somewhat more detail,
sometime before December 31.

And remember:

   [T]rusted computing systems fundamentally alter trust relationships.
   Legitimate concerns about trusted computing are not limited to one
   area, such as consumer privacy or copyright issues.

-- 
Seth David Schoen <schoen@loyalty.org> | Very frankly, I am opposed to people
     http://www.loyalty.org/~schoen/   | being programmed by others.
     http://vitanuova.loyalty.org/     |     -- Fred Rogers (1928-2003),
                                       |        464 U.S. 417, 445 (1984)



More information about the linux-elitists mailing list