The following comes from Microsoft's recent mailing of their awkwardly
named "Windows Trusted Platform Technologies Information Newsletter
March 2003".  Since they've abandoned the Palladium name they are forced
to use this cumbersome title.

Hopefully this will shed light on the frequent claims that Palladium will
limit what programs people can run, or "take over root" on your computer,
and similar statements by people who ought to know better.  It is too
much to expect these "experts" to publicly revise their opinions, but
perhaps going forward they can begin gradually to bring their claims
into line with reality.


An Open and Interoperable Foundation for Secure Computing

By John Manferdelli, General Manager, Windows Trusted Platform Technologies
Microsoft Corporation

The Next-Generation Secure Computing Base (NGSCB) is part of Microsoft’s
long-term effort to deliver on our vision of Trustworthy Computing. We
are pleased that independent observers and many journalists continue
to show interest in NGSCB and what it will enable. While much of the
response has been positive, especially among analysts, security experts
and people concerned with privacy, we recognize that there are still
questions about NGSCB, and still a great deal of misunderstanding and
speculation around our intentions.

In this newsletter I’d like to set the record straight on one of the more
common and persistent concerns, specifically that the NGSCB architecture
will limit the things that people can do with computers by forcing them
to run only “approved” software, or software that is digitally signed.
In fact, NGSCB intends to do no such thing. It is important to understand
that NGSCB is operating system technology. Just as anyone can build a
program to run on Windows today using widely-published APIs, they will
be able to build new programs tomorrow that take advantage of the NGSCB
architecture when it is included in a future version of Windows. How these
new programs are built — and what they will require of the user — are
questions for the application developer to answer. But NGSCB inherently
has no requirements forcing approval of code, digital signatures, or
any other such qualifying mechanism. NGSCB will run any software that is
built to take advantage of its capabilities, and it will only run with
the user’s approval. Moreover, even when NGSCB is running, programs that
are not using NGSCB features will operate just as they do today.  It is
true that NGSCB functionality can be used by an application (written by
anyone) to enforce a policy that is agreed to by a user and a provider,
including policies related to other software that the application can
“load.” Such a policy could, for example:

- Govern how private information is used by software
- Prevent malicious code from snooping private information, stealing keys,
  or corrupting important information (i.e., banking transaction data)
- Govern how intellectual property running inside the application can
  be used

Policies like these could be set by the user at his or her sole
discretion, or they could be set in a manner mutually agreed to by
a user and one or more parties. However, NGSCB does no screening of
application components or content, and if any “screening” took place,
it would be within the isolated bounds of an application running under
NGSCB. Moreover, no NGSCB application can “censor” content played by
another NGSCB application.

Policy in the Hands of the User

The extent to which the NGSCB will be beneficial will largely depend on
the wisdom of the policies that people choose to embrace. We are designing
NGSCB to give individuals visibility to the policies available to them
in the programs they run, as well as control over how they proceed. By
offering new features to enhance privacy, security and system integrity,
we can foresee NGSCB enabling a wide range of beneficial scenarios,
including the following:

- Helping to protect personal medical information
- Preventing a bad application from interfering with a banking transaction
- Preventing viruses from harming programs or data 
- Preventing unauthorized people or applications from accessing a computer
  remotely and carrying out unauthorized actions

My colleagues and I appreciate your interest in the work we are doing. We
know we still have a lot of work to do, and value the beneficial influence
that discussion and debate provide as we strive to deliver trustworthy
computing technologies.

- John Manferdelli 

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to