[p2p-hackers] Stop Palladium and TCPA Now!

Ingo Luetkebohle iluetkeb at TechFak.Uni-Bielefeld.DE
Tue Feb 4 05:33:03 UTC 2003


Hi,

sorry if this off-topic (again?).  I also think that being objective
on this topic is very important but likewise I'm of the opinion that
there are issues about the TCPA that, though non-technical, are
relevant for engineers and that, when taking a purely technical point
of view, its tempting to forget crucial issues in the understandable
excitement over having a crypto device in every box.

On Mon, Feb 03, 2003 at 03:09:27PM -0800, Hal Finney wrote:
> But if you can get past that for a moment and just think objectively,
> there are some things that TCPA can do for you.
[...]

At last years Chaos Communication Congress, there was a big discussion
on the TCPA.  Almost everybody agreed it could be usefull.  Likewise,
almost everybody agreed that the same benefits could be had by other
means.  Smart cards were mentioned as one possibility, USB tokens are
another, surely such a device could also be plugged in as a PCI card.
So, the question becomes: Why do it this way and not another?  Why,
e.g., hasn't the smartcard industry gotten its act together and
standardized?

Of course, there are cost benefits to be had by integrating the chip
directly on the mainboard and it would do wonders for ubiquity.
However, its also very bad for upgrading -- there's a large installed
base of machines without a TPM in use and replacing the main-board in
every one of them is not feasible.  So, from a purely objective
engineering point of view, its not clear that this is the best
solution.  The idea that something other than objective, engineering
reasons are behind the decision to do it this way can't be discarded
offhandedly, as much as I personally would like that.

The one, big difference is that a TPM can't be removed.  Coupled with
the information that there will be keys in the TPM that can't -- ever
-- be taken out, and thats not just for high-security applications but
a feature supposedly for everyday usage, it makes you wonder.

So, of course, a TPM could be very cool device and I'm sure many cool
apps will benefit from it.  But its architecture allows other things
and, after having read Lessigs "Code", I'm a little bit paranoid such
things ;-)

bye

-- 
		Ingo Luetkebohle / http://blank.pages.de/
Computer Science & Linguistics Student   / iluetkeb at techfak.uni-bielefeld.de



More information about the P2p-hackers mailing list