Re: Microsoft: Palladium will not limit what you can run
On Thu, 13 Mar 2003, Hermes Remailer wrote: The following comes from Microsoft's recent mailing of their awkwardly named Windows Trusted Platform Technologies Information Newsletter March 2003. Since they've abandoned the Palladium name they are forced to use this cumbersome title. Hopefully this will shed light on the frequent claims that Palladium will limit what programs people can run, or take over root on your computer, and similar statements by people who ought to know better. It is too much to expect these experts to publicly revise their opinions, but perhaps going forward they can begin gradually to bring their claims into line with reality. The Xbox will not boot any free kernel without hardware modification. The Xbox is an IBM style peecee with some feeble hardware and software DRM. A Palladiated box is an IBM style peecee with serious hardware and software DRM. So, a fortiori, your claim is false. oo--JS. An Open and Interoperable Foundation for Secure Computing By John Manferdelli, General Manager, Windows Trusted Platform Technologies Microsoft Corporation The Next-Generation Secure Computing Base (NGSCB) is part of Microsofts long-term effort to deliver on our vision of Trustworthy Computing. We are pleased that independent observers and many journalists continue to show interest in NGSCB and what it will enable. While much of the response has been positive, especially among analysts, security experts and people concerned with privacy, we recognize that there are still questions about NGSCB, and still a great deal of misunderstanding and speculation around our intentions. In this newsletter Id like to set the record straight on one of the more common and persistent concerns, specifically that the NGSCB architecture will limit the things that people can do with computers by forcing them to run only approved software, or software that is digitally signed. In fact, NGSCB intends to do no such thing. It is important to understand that NGSCB is operating system technology. Just as anyone can build a program to run on Windows today using widely-published APIs, they will be able to build new programs tomorrow that take advantage of the NGSCB architecture when it is included in a future version of Windows. How these new programs are built and what they will require of the user are questions for the application developer to answer. But NGSCB inherently has no requirements forcing approval of code, digital signatures, or any other such qualifying mechanism. NGSCB will run any software that is built to take advantage of its capabilities, and it will only run with the users approval. Moreover, even when NGSCB is running, programs that are not using NGSCB features will operate just as they do today. It is true that NGSCB functionality can be used by an application (written by anyone) to enforce a policy that is agreed to by a user and a provider, including policies related to other software that the application can load. Such a policy could, for example: - Govern how private information is used by software - Prevent malicious code from snooping private information, stealing keys, or corrupting important information (i.e., banking transaction data) - Govern how intellectual property running inside the application can be used Policies like these could be set by the user at his or her sole discretion, or they could be set in a manner mutually agreed to by a user and one or more parties. However, NGSCB does no screening of application components or content, and if any screening took place, it would be within the isolated bounds of an application running under NGSCB. Moreover, no NGSCB application can censor content played by another NGSCB application. Policy in the Hands of the User The extent to which the NGSCB will be beneficial will largely depend on the wisdom of the policies that people choose to embrace. We are designing NGSCB to give individuals visibility to the policies available to them in the programs they run, as well as control over how they proceed. By offering new features to enhance privacy, security and system integrity, we can foresee NGSCB enabling a wide range of beneficial scenarios, including the following: - Helping to protect personal medical information - Preventing a bad application from interfering with a banking transaction - Preventing viruses from harming programs or data - Preventing unauthorized people or applications from accessing a computer remotely and carrying out unauthorized actions My colleagues and I appreciate your interest in the work we are doing. We know we still have a lot of work to do, and value the beneficial influence that discussion and debate provide as we strive to deliver trustworthy computing technologies. - John Manferdelli - The Cryptography Mailing List Unsubscribe by
Re: FYI: Palladium now NGSCB
On Mon, 27 Jan 2003 [EMAIL PROTECTED] wrote: From: http://news.zdnet.co.uk/story/0,,t269-s2129337,00.html Microsoft has dropped the code name of its controversial security technology, Palladium, in favor of this buzzword- bloated tongue twister: next-generation secure computing base. Similar from http://www.theregister.co.uk/content/4/29039.html -Michael Heyman I think that if we cooperate we can stop this absurd Orwellian grab of a perfectly generic phrase. Palladium is the proper name. Microsoft should not be allowed to claim next-generation secure computing base as a trademark nor as a term meaning Palladium. Not as a trademark because the phrase is deceptive and generic and not as a term because the term is deceptive and generic. There is no advantage to us in propagating this crude lie. I ask that those on this list continue to refer to Palladium by its right name Palladium. If we continue to use Palladium to mean Microsoft's program, Palladium remains a useful term of art. It is precise and accurate, whereas next-generation secure computing base is misleading, vague, and inaccurate. oo--JS. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Privacy-enhancing uses for TCPA
On Sat, 3 Aug 2002, AARG!Anonymous wrote: ... / Now for a simple example of what can be done: a distributed poker game. Of course there are a number of crypto protocols for playing poker on the net, but they are quite complicated. Even though they've been around for almost 20 years, I've never seen game software which uses them. With TCPA we can do it trivially. ... / No. Have you included the cost of giving every computer on Earth to the Englobulators? If you wish, we can write an implementation of the wonderful protocols for distributed safer card drawing and we can play our games of poker. And we may run our poker room on the hardware and software we have today, no need for DRM. Indeed today millions use toady's untrammeled hardware and, this is incredible, Microsoft OSes to conduct their personal banking. If the market considers that present systems suffice for this, well, I do not think that we need surrender our computers to the Englobulators to save three man-months of programmer time. ad next moves in the eristic tree: You: Marginals vs. total time-space integrated costs/benefits! I: Happy to demonstrate estimates of totals come out for my side. oo--JS. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
RE: Challenge to David Wagner on TCPA
On Fri, 2 Aug 2002, James A. Donald wrote: -- On 2 Aug 2002 at 10:43, Trei, Peter wrote: Since the position argued involves nothing which would invoke the malign interest of government powers or corporate legal departments, it's not that. I can only think of two reasons why our corrospondent may have decided to go undercover... I can think of two innocuous reasons, though the real reason is probably something else altogether: 1. Defending copyright enforcement is extremely unpopular because it seemingly puts you on the side of the hollywood cabal, but in fact TCPA/Paladium, if it works as described, and if it is not integrated with legal enforcement, does not over reach in the fashion that most recent intellectual property legislation, and most recent policy decisions by the patent office over reach. a. TCPA/Palladium must be integrated with laws which give to the Englobulators absolute legal cudgel powers, such as the DMCA. So far I have not seen any proposal by the Englobulators to repeal the DMCA and cognate laws, so if TCPA/Palladium is imposed, the DMCA will be used, just as HP threatened to use it a couple of days ago. And, of course, today there is no imposed TCPA/Palladium, so the situation will be much worse when there is. b. Why must TCPA/Palladium be a dongle on the whole computer? Why not a separate dongle? Because, of course, the Englobulators proceed here on principle. The principle being that only the Englobulators have a right to own printing presses/music studios/movie and animation studios. 2.. Legal departments are full of people who are, among their many other grievious faults, technologically illiterate. Therefore when an insider is talking about something, they cannot tell when he is leaking inside information or not, and tend to have kittens, because they have to trust him (being unable to tell if he is leaking information covered by NDA), and are constitutionally incapable of trusting anyone. --digsig There is a business, not yet come into existence, of providing standard crypto services to law offices. oo--JS. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Challenge to David Wagner on TCPA
On Thu, 1 Aug 2002, AARG!Anonymous wrote: Eric Murray writes: TCPA (when it isn't turned off) WILL restrict the software that you can run. Software that has an invalid or missing signature won't be able to access sensitive data[1]. Meaning that unapproved software won't work. [1] TCPAmain_20v1_1a.pdf, section 2.2 We need to look at the text of this in more detail. This is from version 1.1b of the spec: : This section introduces the architectural aspects of a Trusted Platform : that enable the collection and reporting of integrity metrics. : : Among other things, a Trusted Platform enables an entity to determine : the state of the software environment in that platform and to SEAL data : to a particular software environment in that platform. Claimed advantage to me here? : : The entity deduces whether the state of the computing environment in : that platform is acceptable and performs some transaction with that : platform. If that transaction involves sensitive data that must be : stored on the platform, the entity can ensure that that data is held in : a confidential format unless the state of the computing environment in : that platform is acceptable to the entity. Claimed advantage to me here? : : To enable this, a Trusted Platform provides information to enable the : entity to deduce the software environment in a Trusted Platform. That : information is reliably measured and reported to the entity. At the same : time, a Trusted Platform provides a means to encrypt cryptographic keys : and to state the software environment that must be in place before the : keys can be decrypted. What this means is that a remote system can query the local TPM and find out what software has been loaded, in order to decide whether to send it some data. It's not that unapproved software won't work, it's that the remote guy can decide whether to trust it. Claimed advantage to me here? Also, as stated earlier, data can be sealed such that it can only be unsealed when the same environment is booted. This is the part above about encrypting cryptographic keys and making sure the right software environment is in place when they are decrypted. Claimed advantage to me here? Ok, technically it will run but can't access the data, but that it a very fine hair to split, and depending on the nature of the data that it can't access, it may not be able to run in truth. If TCPA allows all software to run, it defeats its purpose. Therefore Wagner's statement is logically correct. But no, the TCPA does allow all software to run. Just because a remote system can decide whether to send it some data doesn't mean that software can't run. And just because some data may be inaccessible because it was sealed when another OS was booted, also doesnt mean that software can't run. Claimed advantage to me here? I think we agree on the facts, here. All software can run, but the TCPA allows software to prove its hash to remote parties, and to encrypt data such that it can't be decrypted by other software. Would you agree that this is an accurate summary of the functionality, and not misleading? Of course we do not agree. Under the DRM/TCPA regime I cannot legally do the following thing: Spoof your handshake and then run my cracker on the encrypted data you send me. So some software will not legally run under DRM/TCPA. If so, I don't see how you can get from this to saying that some software won't run. You might as well say that encryption means that software can't run, because if I encrypt my files then some other programs may not be able to read them. See above. Please be precise in your response. Most people, as you may have seen, interpret this part about software can't run much more literally. They think it means that software needs a signature in order to be loaded and run. I have been going over and over this on sci.crypt. IMO the facts as stated two paragraphs up are completely different from such a model. No. They are exactly software needs to be signed to run. Otherwise why cannot I run cp on the movie that Time-Warner-AOL sends me? Yes, the spec says that it can be turned off. At that point you can run anything that doesn't need any of the protected data or other TCPA services. But, why would a software vendor that wants the protection that TCPA provides allow his software to run without TCPA as well, abandoning those protections? That's true; in fact if you ran it earlier under TCPA and sealed some data, you will have to run under TCPA to unseal it later. The question is whether the advantages of running under TCPA (potentially greater security) outweigh the disadvantages (greater potential for loss of data, less flexibility, etc.). Ah, so much for your claim that all software that now runs will run under DRM/TCPA. You admit that software I may now run cannot be run under DRM/TCPA.
Re: Ross's TCPA paper
On Fri, 5 Jul 2002, AARG!Anonymous wrote: ... / Right, and you can boot untrusted OS's as well. Recently there was discussion here of HP making a trusted form of Linux that would work with the TCPA hardware. So you will have options in both the closed source and open source worlds to boot trusted OS's, or you can boot untrusted ones, like old versions of Windows. The user will have more choice, not less. ... / Nonsense. Let us remember what Palladium is: Palladium is a system designed to enable a few large corporations and governments to run source secret, indeed, well-encrypted, code on home user's machines in such a way that the home user cannot see, modify, or control the running code. The Orwellian, strictly Animal Farmish, claim runs: Why it is all just perfectly OK, because anyone can run source secret, well encrypted, code in an uncontrolled manner on anyone's machine at will! We are all equal, it is just that some, that is, We the Englobulators, will in practice get to run source secret, well-encrypted, code on hundreds of millions of users' machines while you, you will never run such code on anybody else's machine except at a hobbyists' fair, precisely to demonstrate we are all equal.. There are other advantages to Palladium: No free kernel will ever freely boot on a Palladium machine. And there is more. If Palladium is instituted: Microsoft will support the most vicious interpretation of the DMCA and press for passage of the SSSCA, in order that the first crack does not prove to the world that Palladium cannot prevent all copyright infringement. Microsoft will be able to say See, it is these GNU/BSD/XFree/Sendmail/Apache/CLISP folk who are causing all this dreadful copyright infringement. Why owning a non-Palladium machine should be declared, no, not illegal, we are not monsters after all, but probative evidence that the owner is an infringer, and more, a general infringer and a member of the Copyright Infringement Conspiracy. Why some of them even write such code as the well known, and in CIC circles, widely used, tool of infringement called 'cp'. Senator, I know you will be as shocked as I was when I learned what 'cp' stands for. It stands for 'copy'. And I do not mean safe Englobulator-Certified Fair Use Copying, such as is provided by the Triple X Box, which, for a reasonable license fee, allows up to six copy-protected copies to be made before settling of accounts and re-certification of the Box over the net. No, I mean, raw, completely promiscuous copying of any file on the machine, as many times as the infringer wishes. Without record, without payment to the artist, without restraint. Senator, I prefer to call cp 'The Boston Strangler', because that is exactly what it is. And every single non-Palladium operating system in the world comes with cp already loaded, loaded and running.. oo--JS. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Shades of FV's Nathaniel Borenstein: Carnivore's Magic Lantern
On Wed, 21 Nov 2001 [EMAIL PROTECTED] wrote: R. A. Hettinga writes: Everyone remember First Virtual's Nat Borenstein's major discovery of the keyboard logger? 'Magic Lantern' part of new 'Enhanced Carnivore Project' [etc] In the same vein, but a different application, does anyone know what the state of the art is for detecting such tampering? In particular, when sitting at a PC doing banking, is there any mechanism by which a user can know that the PC is not corrupted with such a key logger? The last time I checked, there was nothing other than the various anti-virus software. Paul If you are running a source secret operating system, it is more difficult to detect tampering. oo--JS. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Sen. Hollings plans to introduce DMCA sequel: The SSSCA
On Sun, 9 Sep 2001, Carsten Kuckuk wrote: Am I right in that this bill would effectively outlaw all free open-source operating systems like Linux, OpenBSD, FreeBSD, etc.? Carsten Kuckuk Yes. All interactive digital systems that directly connect to the net will have to licensed. Most that do not connect directly will also have to be licensed. License costs will be high enough so that only a few large companies can afford them. Individuals will not be allowed to assemble components to make a computer for themselves, unless they spend millions on a license, and wait some months for the paperwork to go through. oo--JS. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
