[p2p-hackers] Stop Palladium and TCPA Now!

Zooko zooko at zooko.com
Mon Feb 3 18:17:02 UTC 2003

[replying to two separate messages posted by Hal Finney]

 Hal Finney wrote:
> How easy will it be for Microsoft to sell its new version of Windows if
> it has all these built-in incompatibilities?
> And if Microsoft were sure this were the right way to go, couldn't they
> do much of this already?


You are one of the two people (along with Dave Wagner) whose posts I always read 
first in any thread concerning crypto or security.  Your vast knowledge about 
the many subfields of security has always impressed me, and I have in fact 
commented to my wife a couple of times that there's this guy named "Hal Finney", 
and I don't know much about him personally, but in any good mailing list, he 
always shows up and contributes the most useful posts about crypto and security.

(Also, you contributed useful crypto patches to Mojo Nation.)

Therefore, I'm quite surprised that you evince an apparent ignorance of the 
history of Microsoft successfully maintaining and extending its dominance by 
deliberate and systematic application of strategic incompatibility, FUD, 
strongarm tactics, and cetera.

The question is not "Couldn't Microsoft do much of this already?", but "Given 
that Microsoft has been doing this with great success for the last two decades, 
is there any reason to believe that they will stop doing it as they deploy their 
new crypto platform?".

> What does "trusted computing" (or "treacherous computing" if you prefer)
> mean for P2P hacking?

And here Hal continues to uphold his reputation for top notch security analysis 
contributed gratis to the world through Internet mailing lists.

I'm glad I took the time to read your whole post.  Your overall point that there 
could be good applications of the "send signed hash of application" feature is 

Sadly, I feel strongly that even if Microsoft, Intel and others were to allow me 
to use that feature for an application that they may disagree with (a 
censorship-resistant decentralized file store), that the good things that 
I could do with it would be dwarfed by the harm that the corporations and 
governments would do with it.

(I hold, in fact, the belief that you alluded to: I consider talking about the 
possible good uses of the possible "send signed hash of application" feature to 
be counterproductive, since the certain bad uses of that possible feature, as 
well as the certain "only allow authorized code to use certain data" feature are 
far more important.)

> Some people claim that this technology will
> only run Microsoft-signed executables, for example.
> All the evidence is that this
> claim is FALSE but still it floats around.  FUD is hard to kill.

If by "this technology", you mean the technology required by the TCPA v1 
specification, then you are right.  If by "this technology", you mean the 
strategic initiative that is already being deployed to consumers in stealthy 
increments, then you are wrong.  I point to Xbox's resistance to booting 
alternative operating systems, Windows XP's requirement that hardware drivers be 
digitally signed by Microsoft, and the Creative Labs DRM sound cards that are 
already in the hands of unsuspecting consumers as just three examples which are 
already deployed.

Next year's version will be more effective and it will extend its control to 
more parts of the users' lives.

It could also, very easily, be automatically deployed without user intervention 
through Windows XP's automatic update.

Probably part of the disagreement that we've just witnessed on this mailing list 
is a terminological collision.  Hal Finney and Adam Langley use "TCPA" to mean a 
certain operating system/machine feature described in the "TCPA specification".  
Seth Johnson, and I use "TCPA/Palladium" to denote a certain grand strategy to 
make computers incapable of performing forbidden acts even if their users want 
them to, and to deploy this new platform with stealth, obfuscation, and spin 
management so that the consumers don't realize what it is and refuse to use it.  
The former technical specification is one important step in the latter world-
domination strategy.




More information about the P2p-hackers mailing list