On Sun, Dec 21, 2003 at 08:55:16PM -0800, Carl Ellison wrote: > > IBM has started rolling out machines that have a TPM installed. > [snip ...] > Then again, TPMs cost money and I don't know any private individuals who are > willing to pay extra for a machine with one. Given that, it is unlikely > that TPMs will actually become a popular feature.
Personally, I own a laptop (T30) with the TPM chip, and I paid extra for the chip, but that is because I am a researcher interested in seeing what I can get the chip to do. I think that it is possible that they will sell a lot of TPM chips. IBM is currently calling it the "IBM Security Subsystem 2.0" or something like that, which sounds a lot less threatening and more useful than "trusted platform module". It depends a lot on the marketing strategy. If they can make it sound useful, that will take them far. > Some TPM-machines will be owned by people who decide to do what I > suggested: install a personal firewall that prevents remote attestation. > With wider dissemination of your reasoning, that number might be higher than > it would be otherwise. Agreed. The first thing I did when writing code was to figure out how to turn it off. THen I figured out how to enable most of the functionality while disabling the built-in attestation key. > Meanwhile, there will be hackers who accept the challenge of > defeating the TPM. There will be TPM private keys loose in the world, > operated by software that has no intention of telling the truth to remote > challengers. And this will be simplier than most people think. From what I understand about the current TPM designs, the TPM chip is NOT designed to be tamper-resistant. The IBM researchers told me that it is possible to read the secrets from the TPM chip with a standard bus reader. I've been meaning to wander over to the Computer Engineering department and borrow one of those to verify this claim. Based on this, it shouldn't be hard for a set of people to extract their keys from their TPM chips and spread them around the internet, emulating a real TPM. This I see as a major stumbling block for DRM systems based on TCPA. TCPA works very well against purely-software threats, but as far as protecting against computer owners and determined attackers, I'm not so sure. > At this point, a design decision by the TCPA (TCG) folks comes into > play. There are ways to design remote attestation that preserve privacy and > there are ways that allow linkage of transactions by the same TPM. > > Either of these outcomes will kill the TCG, IMHO. I agree. This is why to make the TPM a success, specifically for something like DRM, the companies advocating it will have to convince the users that it is a good thing. This is the same problem they have now. They have to make the users *want* to use the trusted DRM features and *not* want to subvert them. They can do this by making the DRM features mostly unseen and providing cheap and effective ways for people to get the media that they want in the formats that they want. If they try to fight their own users, there will be enough ways of getting around TCPA for the users to fight back. > You postulated that someday, when the TPM is ubiquitous, some > content providers will demand remote attestation. I claim it will never > become ubiquitous, because of people making my choice - and because it takes > a long time to replace the installed base - and because the economic model > for TPM deployment is seriously flawed. Well, there are a couple things that could change this. If other, non-DRM uses of the TPM chip become popular (say for example that everyone wants to use it to encrypt their hard drive), then that could speed deployment of the chip, since that functionality is also bundled with the remote attestation functionality. I know that then creates a market for a chip that does what is needed without the remote attestation functionality, but it then becomes business, not technology, that determines which people buy. > If various service or content providers elect not to allow me service > unless I do remote attestation, I then have 2 choices: use the friendly > web service that will lie for me - or decline the content or service. Correct. However, this is where copyright and other government-granted monopolies come into play. If I want a specific piece of copyrighted material (say, a song), I have to either deal with the copyright owner (RIAA) on their terms (remote attestation), not get the song, or break the law. None of those three alternatives sound very good. The best chance is education of the masses, so everyone chooses one of the latter two and makes it economically infeasible for the RIAA to maintain their draconian terms. Then we have a useful piece of hardware in our computers (TCPA), subsidised largely by people like the RIAA, but who can't use it for economic reasons. That would be the ideal outcome. There are many legitimate uses of remote attestation that I would like to see. For example, as a sysadmin, I'd love to be able to verify that my servers are running the appropriate software before I trust them to access my files for me. Remote attestation is a good technical way of doing that. ANd its nice that people like the RIAA are pushing to have such hardware built into my machines, because now I don't have to do the push. All I have to do is make sure I can use their hardware for my purposes, which seems like the case right now. Rick Wash --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]