[p2p-hackers] Stop Palladium and TCPA Now!

Hal Finney hal at finney.org
Mon Feb 3 15:10:02 UTC 2003

I suppose this is all off topic for this list, so I will respond
briefly and then say something that is on topic.

Ingo Luetkebohle writes:

> If you try to tell me that a steak is "well done", when its really
> still bloody on the inside and I call it "english" instead, is that
> calling names?  I don't think so.

Zooko had written: "Yes, I'm just calling them names.  It was RMS's
idea AFAIK."  and I was responding to that.

Regarding removing clear-text saving from Word:

> Thats a nice example, but it doesn't really fit here.  There's no
> reason at all to remove that functionality, so the removal would be
> seen clearly for what it is, a restriction of users freedoms.
> OTOH, the media industry is hard at work telling everyone that copying
> is immoral anyway, even for personal use.  I recently attended a
> lecture by a well known german hypertext researcher (Dr. Rainer
> Kuhlen, from Konstanz) who talked about freedom of research and the
> value of interchanging ideas and works.  After his very well reasoned
> and /extremely/ polite lecture was over, he was accused of trying to
> defend "theft" by the assembled media industry representatives.
> /Thats/ what I call stifling a discussion and thats why the discussion
> about the removal of functions from media applications is such a
> different matter and the 'Word' comparison not really fitting.

Zooko had written: "Currently we live in an exception from the big
pattern -- a bubble in history, when I can send and receive e-mail and
web pages with my mom even though she runs Windows and I run Linux.
This will become less and less possible in the future, as the web page
that she views and the document tools that she uses (MS Word, Outlook)
start emitting information which is cryptographically impossible for
me to read.  (For example, because the information is encrypted with
a public key whose private counterpart is embedded in my computer and
only available if I boot Windows.)"

Zooko was the one who raised the example of tools that only output
information in a form which is impossible for non-Windows-users to read.
I think my question about a version of Word which doesn't save plain-text
is very appropriate in this context.

But I won't belabor the point.  Rather, on to the relevant context.
What does "trusted computing" (or "treacherous computing" if you prefer)
mean for P2P hacking?

There are possible bad and possible good effects.  The bad possibility
is that somehow TC will prevent P2P from happening, at least without
authorization of some sort.  Some people claim that this technology will
only run Microsoft-signed executables, for example.  The first message
in this thread made exactly that claim.  All the evidence is that this
claim is FALSE but still it floats around.  FUD is hard to kill.

Alternative claims are that Microsoft will become able to send out
search-and-destroy messages which will take over your computer and cause
it to delete all the files on certain lists.  I believe this statement
is in Ross Anderson's TCPA FAQ.  Again, I don't know of any shred of
credible evidence that Microsoft or anyone else plans to do this, or
would be able to get away with it if they tried.

There are also suggestions that the TCPA crypto package could be subverted
from outside, so that if you relied on it, they could backdoor your
crypto.  Then any P2P package that relied on this possibly-future-standard
crypto technology could have its crypto defeated and its users would
lose their privacy and possibly freedom.  I've studied the existing TCPA
specs and this doesn't look possible to me, but then most claims along
these lines are expressed in speculative terms and not firmly grounded
in the actual implementations.

We've all heard about these possible bad effects; are there any good ones?
Are there ways that P2P software could benefit from TCPA technology?

I think there might be, but to understand the possible benefits you
would have to view TCPA objectively, as an engineer, rather than how an
activist or politician sees it.  It's gotten to the point where even
discussing this technology calmly is quite difficult, and anyone who
does so finds himself accused of being a shill for the content industry.
The assumption is that the possible bad consequences of TCPA/Palladium
are so awful that any discussion of good uses is counter-productive,
as it makes it more likely that the terrible outcome will occur.

But if you can get past that for a moment and just think objectively,
there are some things that TCPA can do for you.  It has a crypto package
that includes at least some degree of tamper resistance for holding the
keys.  It's kind of like having a smart card bolted to the motherboard.
So this could be a key store that would have advantages over just putting
your crypto keys into memory.

TCPA/Palladium also have some features for getting a hash of the software
that is loaded.  The details are a little vague still, but both of them
provide at least in principle for securely reporting this hash in response
to remote inquiries.  They can also seal (encrypt) data and lock it to the
hash of the currently running software, such that it can't be decrypted if
some other software configuration is running.

So this can provide more security for key storage; in principle your
application could generate a key and encrypt some data, and no other
application could decrypt the data.  Also if your application were
tampered with or infected with a virus, its hash would change and it
would not be able to decrypt the data any more.  All this can increase
the security of your key management.

The remote reporting of the hash is the most interesting (and perhaps
threatening) aspect of the technology.  It means that you can connect
to another computer and get a "trustworthy" report of what software
you are talking to (which is really where the name "trusted computing"
comes from).  Now, this trustworthyness is modulo a number of issues,
like hardware compromise and chain of custody, and it's not clear if the
infrastructure for all this will ever be developed.  But the DRM people
need it and so if it does happen, P2P could piggyback on it.

Basically this remote report would let you write P2P apps where each one
could trust (there's that word again) its peers to a degree impossible
today.  P2P apps in today's environment have to be defensive, or at least
they need to grow some defenses once they get a big enough profile in
the world.  Anyone could send any data claiming to be participating in
the P2P protocol.  There has been some discussion with regard to Gnutella
about the problems with "bad peers" in the net.  Designing protocols
which can detect and respond to misbehavior is an ongoing effort.

Theoretically trusted computing would provide either a way of avoiding
this requirement, or another layer of defense, depending on how you look
at it.  It would make it more expensive and difficult to subvert a P2P
network with bad data and bad traffic.  The P2P nodes could check that
their peers were running the expected software and refuse to connect
to them if not.  This would all be based on the ability to get a remote
snapshot of the running software.

So these are a few possibilities for how TCPA/Palladium could actually
benefit P2P, if and when these technologies become mature.  They are
still speculative, and more details of how trusted computing will work
will be necessary before we can evaluate these ideas.  But hopefully
they illustrate that the basic technology of trusted computing has more
uses than to take over your computer, or to treacherously take control
of your system away from you.


More information about the P2p-hackers mailing list