William Arbaugh wrote:
>On Dec 16, 2003, at 5:14 PM, David Wagner wrote:
>> Jerrold Leichter wrote:
>>> We've met the enemy, and he is us. *Any* secure computing kernel
>>> that can do the kinds of things we want out of secure computing
>>> kernels, can also do the kinds of things we *don't* want out of
>>> secure computing kernels.
>>
>> I don't understand why you say that. You can build perfectly good
>> secure computing kernels that don't contain any support for remote
>> attribution. It's all about who has control, isn't it?
>>
>There is no control of your system with remote attestation. Remote
>attestation simply allows the distant end of a communication to
>determine if your configuration is acceptable for them to communicate
>with you.

But you missed my main point. Leichter claims that any secure kernel is
inevitably going to come with all the alleged harms (DRM, lock-in, etc.).
My main point is that this is simply not so.

There are two very different pieces here: that of a secure kernel, and
that of remote attestation. They are separable. TCPA and Palladium
contain both pieces, but that's just an accident; one can easily imagine
a Palladium-- that doesn't contain any support for remote attestation
whatsoever. Whatever you think of remote attestation, it is separable
from the goal of a secure kernel.

This means that we can have a secure kernel without all the harms. It's
not hard to build a secure kernel that doesn't provide any form of remote
attestation, and almost all of the alleged harms would go away if you
remove remote attestation. In short, you *can* have a secure kernel
without having all the kinds of things we don't want. Leichter's claim
is wrong.

This is an important point. It seems that some TCPA and Palladium
advocates would like to tie together security with remote attestation;
it appears they would like you to believe you can't have a secure
computer without also enabling DRM, lock-in, and the other harms. But
that's simply wrong. We can have a secure computer without enabling all
the alleged harms. If we don't like the effects of TCPA and Palladium,
there's no reason we need to accept them. We can have perfectly good
security without TCPA or Palladium.

As for remote attestation, it's true that it does not directly let a
remote party control your computer. I never claimed that. Rather, it
enables remote parties to exert control over your computer in a way that
is not possible without remote attestation. The mechanism is different,
but the end result is similar.