On Wed, 17 Dec 2003, Jerrold Leichter wrote:
> Given this setup, a music company will sell you a program that you must
> install with a given set of access rights. The program itself will check
> (a) that it wasn't modified; (b) that a trusted report indicates that it
> has been given exactly the rights specified. Among the things it will check
> in the report is that no one has the right to change the rights! And, of
> course, the program won't grant generic rights to any music file - it will
> specifically control what you can do with the files. Copying will, of course,
> not be one of those things.

I think that if the music company wants that much control (which is, btw, in clear violation of the First Sale Doctrine), then the only legal way for them to achieve it is to provide a player specifically for the music which they own, in exactly the same way that banks retain ownership of the credit cards and smartcards we use. As long as the player is not their property, they can't do this.

The major problem I want a trusted kernel for is because I don't want to trust binaries provided by closed-source software houses. I want my trusted kernel to tell me exactly what privileges they're asking for and I want to tell it exactly what privileges it's allowed to provide them. I want it to be able to tell me exactly when every executable file appeared, and as a result of running which other executable file (all the way back to whichever command *I* gave that resulted in its being there). I want it to tell me exactly how the daemon listening on any tcp port got installed and what privileges it has. I want my trusted kernel to keep tamper-proof logs; in fact I'd go so far as to want to use a write-once media for logfiles just to make absolutely sure. A trusted kernel should absolutely know when any program is reading screen memory it didn't write, or keyboard keystrokes that it then passes as input to another program, and it should be possible for me to set up instant notification for it to alert me when any program does so.

A trusted kernel should monitor outgoing network packets and sound an alarm when any of them contains personal information like PINs, passwords, keys, Social Security Number, Drivers License, Credit Card numbers, Address, etc. It should even be possible to have a "terminate-with-prejudice" policy that drops any such packets before sending and terminates and uninstalls any unauthorized application that attempts to send such packets.

I really don't care if anyone *else* trusts my system; as far as I'm concerned, their secrets should not be on my system in the first place, any more than my secrets should be on theirs. The fact is I'm building a system out of pieces and parts from hundreds of sources and I don't know all the sources; with an appropriate trusted kernel I wouldn't have to extend nearly as much "black box" trust to all the different places software comes from.

> Yes, you can construct a system that *you* can trust, but no one else has
> any reason to trust. However, the capability to do that can be easily
> leveraged to produce a system that *others* can trust as well. There are
> so many potential applications for the latter type of system that, as soon
> as systems of the former type are fielded, the pressure to convert them to
> the latter type will be overwhelming.

I do not think so. People want to retain ownership of their computer systems and personal information, and a system that is made for *others* to trust would be used to take that ownership and information.

> Ultimately, TCPA or no, you will be faced with a stark choice: Join the
> broad "trust community", or "live in the woods".

No. Lots of bands release music and encourage sharing, as promo for their main revenue source (concert tours). I see those bands getting a leg up as their released music becomes popular while music only available with onerous conditions languishes. Lots of other artists do graphic or animation work just for the chance to be seen, and some of them are quite good.

You may consider it "living in the woods" to listen to stuff that isn't the top 20; but I think lots of people will find that the "woods" is a friendlier and more trustworthy place than a world full of weasels who want to control their systems.

Bear

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
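The egress check Bear describes (raise an alarm when an outgoing packet carries personal data such as a Social Security Number or credit card number, and optionally drop it) is the kind of content inspection a host-based data-loss-prevention filter performs. The following is an added example, written for this page and not code from the original post, of that inspection logic in user space. It assumes the packet payloads are handed to it as byte strings (the sample payloads below are constructed), uses a structural SSN pattern and a Luhn checksum to keep digit strings that merely look like card numbers from triggering the policy, and maps the two policies in the post to "alert" and "drop" decisions.

```python
import re
from dataclasses import dataclass

# Constructed sample payloads standing in for the bodies of outgoing packets.
# Payload 3 is a valid Luhn number (a widely used test card number); payload 4
# is a 16-digit string that fails the Luhn check and must not be flagged.
SAMPLE_PAYLOADS = [
    b"GET /index.html HTTP/1.1\r\nHost: example.invalid\r\n\r\n",
    b"POST /collect HTTP/1.1\r\n\r\nssn=123-45-6789&name=Jane",
    b"card=4111111111111111&exp=12/29",
    b"order id 1234567890123456 is a tracking number, not a card",
]

# Structural SSN pattern: area 000, 666 and 9xx, group 00 and serial 0000
# are never issued, so they are excluded to reduce false positives.
SSN_RE = re.compile(rb"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")

# Candidate card number: 13 to 19 digits, optionally separated by spaces or
# dashes. Every candidate is confirmed with a Luhn check before it counts.
CARD_RE = re.compile(rb"\b(?:\d[ -]?){13,19}\b")


@dataclass(frozen=True)
class Finding:
    kind: str    # "ssn" or "card"
    offset: int  # byte offset of the match inside the payload


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn (mod 10) checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scan_payload(payload: bytes) -> list:
    """Return the list of personal-data findings in one outgoing payload."""
    findings = []
    for m in SSN_RE.finditer(payload):
        findings.append(Finding("ssn", m.start()))
    for m in CARD_RE.finditer(payload):
        digits = re.sub(rb"[ -]", b"", m.group()).decode("ascii")
        # Separator stripping can leave fewer than 13 digits; re-check length.
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            findings.append(Finding("card", m.start()))
    return findings


def egress_decision(payload: bytes, policy: str = "alert") -> str:
    """Decide what to do with one payload under the given policy.

    policy="alert"      -> let the packet through but report it ("sound an alarm")
    policy="terminate"  -> drop the packet (the "terminate-with-prejudice" case)
    """
    if not scan_payload(payload):
        return "allow"
    return "drop" if policy == "terminate" else "alert"


def audit_stream(payloads, policy: str = "alert") -> list:
    """Apply egress_decision to a sequence of payloads, preserving order."""
    return [egress_decision(p, policy) for p in payloads]


if __name__ == "__main__":
    for payload, decision in zip(SAMPLE_PAYLOADS, audit_stream(SAMPLE_PAYLOADS)):
        kinds = [f.kind for f in scan_payload(payload)]
        print(f"{decision:5s} {kinds} {payload[:40]!r}")
```

The Luhn check is what keeps the fourth payload from being reported: pattern matching alone would flag any 16-digit string, and a filter that cries wolf on order numbers is quickly switched off. A real deployment would also need to see inside TLS (only possible on the sending host, before encryption) and to carry the process identity alongside each payload so that the "terminate" policy can act on the right application.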