On Fri, 13 Dec 2002, Nomen Nescio wrote:

> According to the message below, Palladium will not include a "serial
> number revocation list", "document revocation list", or similar
> mechanism to delete pirated music and other unauthorized content.
> These claims have been made most vocally by Ross Anderson in his TCPA
> FAQ, http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html, and by Lucky Green
> in his DefCon presentation, http://www.cypherpunks.to/.
> 
> Instead, the point of Palladium is to create "a decentralized, trusted
> computing base... whose integrity can be audited by anyone".  This is
> accomplished, as has been discussed at length here and elsewhere,
> by hardware which can compute a secure hash of software as it loads,
> and which can attest to this hash via cryptographic signatures sent to
> remote systems.  This functionality allows software to prove to third
> parties that it is running unmolested, which is the basic functionality
> provided by Palladium.
> 
> Unfortunately, the exaggerated and misleading claims in the links above
> are accepted as truth by most readers, and a false picture of Palladium
> is virtually universal on the net.  Isn't it time for security experts
> to take a responsible position on this technology, and to speak out
> against the spread of these falsehoods?

All of this is speculation until the system is actually implemented.

The questions are "Who do you trust?" and "Do their interests coincide 
with yours?". 

I do not trust Microsoft as far as I can throw them.  They have 
demonstrated in the past that "security" for them means "the check 
cleared".  There have been so many holes, backdoors, and outright 
sabotage of competitors that they have lost any credibility with me.  And 
since they are unwilling to publish source, the code is suspect from the 
start.  (I doubt if they will let a third party that I trust audit the 
software without 42 levels of NDAs and a lien on their immortal souls.)

There are other projects to ensure that the software running at the kernel 
level is authorised via cryptographic checksums.  (Both in BSD and in 
Linux.) 

What users are (rightfully) afraid of is that this is yet another effort 
to remove control from the users over what software they can use and how 
they can use it.

Microsoft has already used this method to control just what types of 
protocols and video drivers could be used under Windows terminal server.  
(You had to have the app signed by Microsoft in order to run and they 
wouldn't sign certain competing protocols.)  This method was bypassed by 
some interesting hackery, BTW. (Thou shalt not split thy open calls.)

So far the only example we have is that of Microsoft's past behaviour.  
It is not oriented toward your security or mine, but theirs.

The fear is justified. (And ancient.) 

> 
> 
> > A Few Words About Palladium 
> > By John Manferdelli, General Manager, Trusted Platform Technologies,
> > Microsoft Corporation
> >
> > As you may know, I spent some time on the road in the UK in
> > November. During my visit, I had the chance to meet some of you at
> > the "Meet the Technologists" breakfast at the Microsoft Campus in
> > Reading. Thanks to those of you who were able to attend. It was a great
> > chance to engage in frank discussions about some of the more controversial
> > topics surrounding Palladium.
> >
> > One of the issues we discussed was whether Palladium would include
> > mechanisms that would delete pirated music or other content under remote
> > control or otherwise disable or censor content, files, or programs running
> > on Windows. The truth is, Palladium will not disable any content or file
> > that currently runs. Palladium was designed so that no policy will be
> > imposed that is not approved by the user. Microsoft is firmly opposed to
> > putting "policing functions" into Palladium and we have no intention of
> > doing so. The machine owners - whether an individual or enterprise - have
> > sole discretion to determine what programs run under Palladium. Programs
> > that run under Palladium, just like programs that run under Windows,
> > will do whatever they are allowed to do, based on the security settings
> > on the user's machine. Palladium not only respects existing user controls,
> > it strengthens them.
> >
> > What Palladium does change is the ability for software to be protected
> > from other software. Palladium will enable and safeguard a decentralized
> > trusted computing base on open systems.  These security-oriented
> > capabilities in Windows will be enabled by a relatively small change in
> > hardware, and will help transform the PC into a platform that can perform
> > trusted operations that span multiple computers under a trust policy that
> > can be dynamically created and whose integrity can be authenticated by
> > anyone. In addition, it will preserve the flexibility and extensibility
> > that contributes so much to the entire PC ecosystem.
> >
> > I hope to have an opportunity to meet more of you in the New Year. We'll
> > keep you posted about Palladium-related industry events and other "Meet
> > the Technologist" opportunities.
> >
> > Happy holidays!
> > - John Manferdelli
> >
> > P.S. While I was in London, I also had the opportunity to speak about
> > Trustworthy Computing and the Palladium initiative at the Trusted
> > Computing Masterclass in London. The event included participants from
> > Hewlett Packard Labs, Red Hat, and Cambridge University, among others. You
> > can read more about the event at www.netproject.com.

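Added example, not part of the original messages and not Palladium or TCPA code: a sketch of the mechanism the first quoted message describes, where each component is hashed as it loads and the result is attested to a remote system. The chained `extend` register, the nonce challenge, the HMAC standing in for a hardware signature, and all names and sample data are assumptions made for illustration.

```python
import hashlib
import hmac

def extend(register: bytes, component: bytes) -> bytes:
    """Fold the hash of one loaded component into the running measurement."""
    return hashlib.sha256(register + hashlib.sha256(component).digest()).digest()

def measure(components) -> bytes:
    """Measure components in load order; the register starts at zero on reset."""
    register = bytes(32)
    for blob in components:
        register = extend(register, blob)
    return register

def quote(device_key: bytes, register: bytes, nonce: bytes) -> bytes:
    """Attest to the register. HMAC is a stand-in for the hardware signature."""
    return hmac.new(device_key, nonce + register, hashlib.sha256).digest()

def verify(device_key, expected_components, nonce, register, tag) -> bool:
    """Remote side: check the tag is fresh and the register matches known software."""
    tag_ok = hmac.compare_digest(tag, quote(device_key, register, nonce))
    return tag_ok and hmac.compare_digest(register, measure(expected_components))

# Constructed sample data (hypothetical names, not real binaries or keys).
DEVICE_KEY = b"constructed-demo-key"
KNOWN_GOOD = [b"loader v1", b"kernel v1", b"media player v1"]

def demo() -> dict:
    nonce1, nonce2 = b"challenge-0001", b"challenge-0002"
    clean = measure(KNOWN_GOOD)
    patched = measure([b"loader v1", b"kernel v1 (patched)", b"media player v1"])
    clean_tag = quote(DEVICE_KEY, clean, nonce1)
    return {
        "clean": verify(DEVICE_KEY, KNOWN_GOOD, nonce1, clean, clean_tag),
        "patched": verify(DEVICE_KEY, KNOWN_GOOD, nonce1, patched,
                          quote(DEVICE_KEY, patched, nonce1)),
        # Patched machine reports the clean register but cannot produce a tag
        # without the key held in hardware.
        "forged": verify(DEVICE_KEY, KNOWN_GOOD, nonce1, clean, b"\x00" * 32),
        # An old quote replayed against a new challenge fails the freshness check.
        "replayed": verify(DEVICE_KEY, KNOWN_GOOD, nonce2, clean, clean_tag),
        "order_matters": measure(KNOWN_GOOD) != measure(KNOWN_GOOD[::-1]),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The verifier learns only which bytes were loaded and in what order; whose list of expected components it checks against is a policy choice outside the mechanism.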