On Sat, Jul 13, 2002 at 10:59:23AM -0700, Eric Murray wrote:
Microsoft does not do things simply because they enjoy being evil.
They are not so worried about Linux (with its small share of the market)
that they will spend mega-bucks now on a very long term project that might
possibly let them
Eric Murray [EMAIL PROTECTED] writes:
On Fri, Jul 12, 2002 at 07:14:55PM +1200, Peter Gutmann wrote:
From a purely economic perspectice, I can't see how this will fly. I'll pull a
random figure of $5 out of thin air (well, I saw it mentioned somewhere but
can't remember the source) as the
On Fri, 5 Jul 2002, AARG!Anonymous wrote:
... /
Right, and you can boot untrusted OS's as well. Recently there was
discussion here of HP making a trusted form of Linux that would work with
the TCPA hardware. So you will have options in both the closed source and
open source worlds to
At 09:43 PM 06/28/2002 +0200, Thomas Tydal wrote:
Well, first I want to say that I don't like the way it is today.
I want things to get better. I can't read e-books on my pocket computer,
for example, which is sad since I actually would be able to enjoy e-books
if I only could load them onto my
--
On 5 Jul 2002 at 14:45, AARG! Anonymous wrote:
Right, and you can boot untrusted OS's as well. Recently there
was discussion here of HP making a trusted form of Linux that
would work with the TCPA hardware. So you will have options in
both the closed source and open source worlds to
Hadmut Danisch writes:
You won't be able to enter a simple shell script through the
keyboard. If so, you could simple print protected files as
a hexdump or use the screen (or maybe the sound device or any
LED) as a serial interface.
Since you could use the keyboard to enter a
Hadmut Danisch wrote:
On Wed, Jul 03, 2002 at 10:54:43PM -0700, Bill Stewart wrote:
At 12:59 AM 06/27/2002 -0700, Lucky Green wrote:
I fully agree that the TCPA's efforts offer potentially beneficial
effects. Assuming the TPM has not been compromised, the TPM should
enable to detect if
On Thu, Jul 04, 2002 at 10:54:34PM -0700, Lucky Green wrote:
Sure you can use shell scripts. Though I don't understand how a shell
script will help you in obtaining a dump of the protected data since
your script has insufficient privileges to read the data. Nor can you
give the shell script
Seth Schoen writes:
The Palladium security model and features are different from Unix, but
you can imagine by rough analogy a Unix implementation on a system
with protected memory. Every process can have its own virtual memory
space, read and write files, interact with the user, etc. But
anonym n : Mr. and Mrs. John Smith when signed in a motel register.
On Sun, Jun 30, 2002 at 09:55:58PM -0400, R. A. Hettinga wrote:
More to the point, there is no such thing as an anonym, by definition.
--
Barney Wolff
I never met a computer I didn't like.
R. A. Hettinga wrote:
At 12:06 AM +0100 on 7/1/02, Ben Laurie wrote:
No, a pseudonym can be linked to stuff (such as reputation,
publications, money). An anonym cannot.
More to the point, there is no such thing as an anonym, by definition.
Hmm. So present the appropriate definition?
Cheers,
At 11:30 PM -0400 on 6/30/02, Barney Wolff wrote:
anonym n : Mr. and Mrs. John Smith when signed in a motel register.
No. Pseudonym(s). Subclass Alias.
An anonym (literally, no name, right?) is not signing the book at all,
and, thus, as nyms go, can't exist except in your mind. Somewhere St.
My use of anonym was a joke. Sorry if it was too deadpan. But
my serious point was that if a pseudonym costs nothing to get or
give up, it makes one effectively anonymous, if one so chooses.
On Mon, Jul 01, 2002 at 11:37:28AM +0100, Ben Laurie wrote:
R. A. Hettinga wrote:
At 12:06 AM +0100
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
At 11:37 AM +0100 on 7/1/02, Ben Laurie wrote:
Hmm. So present the appropriate definition?
Well, like I said, (and to be completely pedantic about it :-)), it
seems to me that logically there's no such thing as an anonym even
though you could do
Barney Wolff wrote:
My use of anonym was a joke. Sorry if it was too deadpan. But
my serious point was that if a pseudonym costs nothing to get or
give up, it makes one effectively anonymous, if one so chooses.
Well, yeah, I'd say that single-use pseudonyms are, in fact, the
definition of
[Repost]
Bear writes:
A few years ago merchants were equally adamant and believed
equally in the rightness of maintaining their right to not
do business with blacks, chicanos, irish, and women. It'll
pass as people wake up and smell the coffee. Unfortunately
that won't be until after at
--
On 1 Jul 2002 at 15:06, Tim May wrote:
I have strong views on all this DRM and TCPA stuff, and
especially on the claim that some form of DRM is needed to
prevent government from taking over control of the arts.
But we said everything that needed to be said _years_ ago. No
point in
PROTECTED] '
[EMAIL PROTECTED]
Subject: Re: Ross's TCPA paper
Here's a clue, Mr. Bear. The cypherpunks list was founded on the
principle that cyberspace can enhance freedom, and that includes freedom
to associate with whomever you choose. Racism is evil, but the solution
must lie in people's
A pseudonym that I can give up at will and that can never afterwards
be traced to me is equivalent to an anonym.
I'm not suggesting that anonymity be outlawed, or that every merchant
be required to reject anonymous or pseudonymous customers. All I'm
suggesting is that small merchants MUST NOT
On Sun, 30 Jun 2002, Barney Wolff wrote:
The trouble I have with this is that I'm not only a consumer, I'm
also a merchant, selling my own professional services. And I just
will not, ever, perform services for an anonymous client. That's
my choice, and the gov't will take it away only when
On Sat, Jun 29, 2002 at 10:03:33PM -0700, bear wrote:
...
I won't give up the right NOT to do business with anonymous customers,
or anyone else with whom I choose not to do business.
A few years ago merchants were equally adamant and believed
equally in the rightness of maintaining their
On Sun, 30 Jun 2002, Barney Wolff wrote:
A pseudonym that I can give up at will and that can never afterwards
be traced to me is equivalent to an anonym.
Actually, I don't have a problem with it being traced afterwards,
if a crime has been committed and there's a search warrant or
equivalent to
On Mon, 24 Jun 2002, Anonymous wrote:
The important thing to note is this: you are no worse off than today!
You are already in the second state today: you run untrusted, and none
of the content companies will let you download their data. But boolegs
are widely available.
The problem is that
Yes, this is a debate I've had with the medical privacy7 guys, some of
whom like the idea of using Palladium to protect medical records.
This is a subject on which I've a lot of experience (see my web page),
and I don't think that Palladium will help. Privacy abuses almost always
involve abuse
On Wed, 26 Jun 2002, Barney Wolff wrote:
Do you really mean that if I'm a business, you can force me to deal with
you even though you refuse to supply your real name? Not acceptable.
I don't think that privacy (in the sense of having the right
to keep private details of your life from being
On 27 Jun 2002, David Wagner wrote:
No, it's not. Read Ross Anderson's article again. Your analysis misses
part of the point. Here's an example of a more problematic vision:
you can buy Microsoft Office for $500 and be able to view MS Office
documents; or you can refrain from buying it
Adam Back wrote:
I don't mean that you would necessarily have to correlate
your viewing habits with your TrueName for DRM systems.
Though that is mostly
(exclusively?) the case for current deployed (or at least
implemented with a view of attempting commercial deployment) copy-mark
David wrote:
It's not clear that enabling anti-competitive behavior is
good for society. After all, there's a reason we have
anti-trust law. Ross Anderson's point -- and it seems to me
it's one worth considering
-- is that, if there are potentially harmful effects that
come with the
From: [EMAIL PROTECTED]
As a side note, it seems that a corporation would actually have to
demonstrate that I had seen and agreed to the thing and clicked
acceptance. Prior to that point, I could reverse engineer, since
there is no statement that I cannot reverse engineer agreed to. So
On Thu, 27 Jun 2002, Lucky Green wrote:
David wrote:
It's not clear that enabling anti-competitive behavior is
good for society. After all, there's a reason we have
anti-trust law. Ross Anderson's point -- and it seems to me
it's one worth considering
-- is that, if there are
Peter D. Junger wrote:
That isn't the reason why a click-through agreement isn't
enforceable---the agreement could, were it enforceable, validlly
forbid reverse engineering for any reason and that clause would
in most cases be upheld.
Not in Europe though. EU directive 91/250/EEC on the
PROTECTED]
Sent: 6/25/02 11:56 AM
Subject: Re: Ross's TCPA paper
I don't believe that the choice is both privacy and TCPA, or neither.
Essentially all privacy violations are abuses of authorised access by
insiders. Your employer's medical insurance scheme insists on a
waiver allowing them access
On Wed, Jun 26, 2002 at 10:01:00AM -0700, bear wrote:
As I see it, we can get either privacy or DRM,
but there is no way on Earth to get both.
[...]
Hear, hear! First post on this long thread that got it right.
Not sure what the rest of the usually clueful posters were thinking!
DRM
On Tue, 25 Jun 2002, Dan Geer wrote:
the problem statements for privacy and for digital rights management
were identical
Hmm, so:
privacy : DRM :: wiretapping : fair use
- RL Bob
I'm slightly confused about this. My understanding of contract law is
that five things are required to form a valid contract: offer and
acceptance, mutual intent, consideration, capacity, and lawful
intent. It seems to me that a click-through agreement is likely to
fail on at least one, and
http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html
Ross
Interesting QA paper and list comments. Three
additional comments:
1. DRM and privacy look like apple and speedboats.
Privacy includes the option of not telling, which DRM
does not have.
2. Palladium looks like just another vaporware from
Microsoft, to preempt a market like when MS promised
On Wed, Jun 26, 2002 at 03:57:15PM -0400, C Wegrzyn wrote:
If a DRM system is based on X.509, according to Brand I thought you could
get anonymity in the transaction. Wouldn't this accomplish the same thing?
I don't mean that you would necessarily have to correlate your viewing
habits with
On Wed, 26 Jun 2002, Barney Wolff wrote:
Do you really mean that if I'm a business, you can force me to deal with
you even though you refuse to supply your real name? Not acceptable.
I won't give up the right NOT to do business with anonymous customers,
or anyone else with whom I choose not to
Scott Guthery wrote:
Perhaps somebody can describe
a non-DRM privacy management system.
Uhh, anonymous remailers? I never disclose my identity, hence there is
no need for parties I don't trust to manage it.
Come on, folks. This ought to be cypherpunks 101. DRM might be one
way to achieve
Pete Chown wrote:
[...]
This doesn't help with your other point, though; people wouldn't be able
to modify the code and have a useful end product. I wonder if it could
be argued that your private key is part of the source code?
Am I expected to distribute my password with my code?
I don't believe that the choice is both privacy and TCPA, or neither.
Essentially all privacy violations are abuses of authorised access by
insiders. Your employer's medical insurance scheme insists on a
waiver allowing them access to your records, which they then use for
promotion decisions.
--- begin forwarded text
Status: U
Date: Sun, 23 Jun 2002 12:53:42 -0700
From: Paul Harrison [EMAIL PROTECTED]
Subject: Re: Ross's TCPA paper
To: R. A. Hettinga [EMAIL PROTECTED]
User-Agent: Microsoft-Outlook-Express-Macintosh-Edition/5.02.2022
on 6/23/02 6:50 AM, R. A. Hettinga at [EMAIL
Date: Sun, 23 Jun 2002 12:53:42 -0700
From: Paul Harrison [EMAIL PROTECTED]
Subject: Re: Ross's TCPA paper
I would think a TCP _with_ ownership of the TPM would be every paranoid
cypherpunk's wet dream. A box which would tell you if it had been tampered
with either in hardware or software
I, for one, can vouch for the fact that TCPA could absolutely
be applied to a DRM application. In a previous life I actually
designed a DRM system (the company has since gone under). In
our research and development in '96-98, we decided that you need
at least some trusted hardware at the client
It's an interesting claim, but there is only one small problem.
Neither Ross Anderson nor Lucky Green offers any evidence that the TCPA
(http://www.trustedcomputing.org) is being designed for the support of
digital rights management (DRM) applications.
Microsoft admits it:
It seems clear at least if DRM is an application than DRM applications would benefit
from the increased trust and architecturally that such trust would be needed to
enforce/ensure some/all of the requirements of the Hollings bill.
hawk
Lucky Green wrote:
other
technical solution that
On Mon, Jun 24, 2002 at 08:15:29AM -0400, R. A. Hettinga wrote:
Status: U
Date: Sun, 23 Jun 2002 12:53:42 -0700
From: Paul Harrison [EMAIL PROTECTED]
Subject: Re: Ross's TCPA paper
To: R. A. Hettinga [EMAIL PROTECTED]
The
important question is not whether trusted platforms are a good
Anonymous wrote:
Furthermore, inherent to the TCPA concept is that the chip can in
effect be turned off. No one proposes to forbid you from booting a
non-compliant OS or including non-compliant drivers.
Good point. At least I hope they don't. :-)
There is not even social opprobrium; look
Mike wrote quoting Lucky:
trusted here means that the members of the TCPA trust
that the TPM
will make it near impossible for the owner of that motherboard to
access supervisor mode on the CPU without their knowledge,
they trust
that the TPM will enable them to determine remotely
Lucky Green writes regarding Ross Anderson's paper at:
http://www.ftp.cl.cam.ac.uk/ftp/users/rja14/toulouse.pdf
I must confess that after reading the paper I am quite relieved to
finally have solid confirmation that at least one other person has
realized (outside the authors and proponents of
Anonymous writes:
Lucky Green writes regarding Ross Anderson's paper at:
Ross and Lucky should justify their claims to the community
in general and to the members of the TCPA in particular. If
you're going to make accusations, you are obliged to offer
evidence. Is the TCPA really, as
I recently had a chance to read Ross Anderson's paper on the activities
of the TCPA at
http://www.cl.cam.ac.uk/ftp/users/rja14/.temp/toulouse.pdf
I must confess that after reading the paper I am quite relieved to
finally have solid confirmation that at least one other person has
realized
Ross has shifted his TCPA paper to:
http://www.ftp.cl.cam.ac.uk/ftp/users/rja14/toulouse.pdf
At 07:03 PM 6/22/2002 -0700, Lucky wrote:
I recently had a chance to read Ross Anderson's paper on the activities
of the TCPA at http://www.cl.cam.ac.uk/ftp/users/rja14/.temp/toulouse.pdf
54 matches
Mail list logo
