On 10/10/06, Brian Gladman <[EMAIL PROTECTED]> wrote:

I haven't been keeping up to date with this trusted computing stuff over
the last two years but when I was last involved it was accepted that it
was vital that the owner of a machine (not necessarily the user) should
be able to do the sort of things you suggest and also be able to exert
ultimate control over how a computing system presents itself to the

Only in this way can we undermine the treacherous computing model of
"trusted machines with untrusted owners" and replace it with a model in
which "trust in this machine requires trust in its owner" on which real
information security ultimately depends (I might add that even this
model has serious potential problems when most machine owners do not

Does anyone know the current state of affairs on this issue within the
Trusted Computing Group (and the marketed products of its members)?

1. The issue is still moot at present. We are a long way from where
open, public, remote attestation will be possible. See this diagram from
the Trousers open-source TPM software stack project which shows which
pieces are still missing:

There is actually another important piece missing from that diagram,
namely operating system support. At present the infrastructure would
only allow attestation at the OS-boot level, i.e. you could prove what
OS you booted. It's a big step from there to proving that you are
running a "safe" application, unless the service would require you to
reboot your machine into their OS every time you want to run their

2. Not an insider, but I haven't heard anything about serious efforts
to implement Owner Override or similar proposals. Instead, the
response seems to be to wait and hope all that fuss blows over.

3. What little evidence exists suggests that TCG is going in the
opposite direction. The 1.2 TPM is designed to work with Intel's
LaGrande Technology which will add improved process isolation and late
launch. This will make it possible to attest at the level of
individual applications, and provide protection against the local user
that a plain TPM system can't manage. 1.2 also adds a
cryptographically blinded attestation mode that gets rid of the ugly
"privacy ca" which acted as a TTP in 1.1, and which will make it
easier to move towards attestation.

4. Software remains the biggest question mark, and by software I mean
Microsoft. They have said nothing about attestation support in Vista.
Given the hostile response to Palladium I doubt there is much
enthusiasm about jumping back into that crocodile pit. It doesn't seem
to be stopping HD-DVD from moving forward, even though there is no
credible probability of an attestation feature appearing in the time
frame needed for these new video product introductions.

Without a driving market force to introduce attestation, and
tremendous social resistance, the status quo will probably prevail for
another couple of years. By that time LT will be available, TPMs will
be nearly universal but used only for improved local security, and
perhaps some tentative steps into attestation will appear. The initial
version might be targeted at corporate VPNs which will prevent mobile
employees from connecting unless their laptops attest as clean. This
would be an uncontroversial use of the technology except for its
possible implications as a first step towards wider use.

Whether we will eventually ever see the whole model, with attestation,
process isolation, sealed storage, and trusted i/o path all leading to
super-DRM, is very much an open question. So many barriers exist
between here and there that it seems unlikely that this will be seen
by anyone as the right solution to that problem, by then.
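
The boot-level attestation and the VPN admission check discussed in the message above, sketched as an added example (not code from the post, the Trousers project or the TCG). It uses the TPM 1.2 extend rule over SHA-1; the HMAC is a stand-in for the TPM's signature with its attestation identity key, and the key, component names and boot chains are constructed for illustration. Measurement stops at the kernel, so nothing launched after boot is covered by the quote.

```python
import hashlib, hmac, os

AIK_KEY = b"constructed-demo-key"   # assumption: stands in for the TPM's identity key

def measure(component: bytes) -> bytes:
    return hashlib.sha1(component).digest()       # TPM 1.2 PCRs hold SHA-1 digests

def extend(pcr: bytes, digest: bytes) -> bytes:
    return hashlib.sha1(pcr + digest).digest()    # PCR_new = SHA1(PCR_old || digest)

def boot(components):
    """Platform side: measure each stage before running it; return (pcr, event_log)."""
    pcr, log = bytes(20), []
    for name, blob in components:
        digest = measure(blob)
        pcr = extend(pcr, digest)
        log.append((name, digest))
    return pcr, log

def quote(key: bytes, pcr: bytes, nonce: bytes) -> bytes:
    # Stand-in for a TPM quote: a signature over the PCR value and the verifier's nonce.
    return hmac.new(key, pcr + nonce, hashlib.sha256).digest()

def verify(key, nonce, pcr, log, sig, approved):
    """Verifier side (e.g. a VPN gateway): return (admit, reason)."""
    if not hmac.compare_digest(quote(key, pcr, nonce), sig):
        return False, "quote signature invalid or nonce replayed"
    replayed = bytes(20)
    for _, digest in log:                          # replay the log from the reset value
        replayed = extend(replayed, digest)
    if replayed != pcr:
        return False, "event log does not reproduce quoted PCR"
    for name, digest in log:
        if digest not in approved:
            return False, f"unapproved component: {name}"
    return True, "boot chain approved"

def attest(components, approved, key=AIK_KEY):
    nonce = os.urandom(20)                         # fresh challenge from the verifier
    pcr, log = boot(components)
    return verify(key, nonce, pcr, log, quote(key, pcr, nonce), approved)

# Constructed sample boot chains; APPROVED is the verifier's list of known-good digests.
CLEAN = [("bootloader", b"loader-1.0"), ("kernel", b"kernel-2.6.18")]
TAMPERED = [("bootloader", b"loader-1.0"), ("kernel", b"kernel-2.6.18+modified")]
APPROVED = {measure(blob) for _, blob in CLEAN}

if __name__ == "__main__":
    print(attest(CLEAN, APPROVED))
    print(attest(TAMPERED, APPROVED))
```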
The Cryptography Mailing List