The following comes from Microsoft's recent mailing of their awkwardly named "Windows Trusted Platform Technologies Information Newsletter March 2003". Since they've abandoned the Palladium name they are forced to use this cumbersome title.
Hopefully this will shed light on the frequent claims that Palladium will limit what programs people can run, or "take over root" on your computer, and similar statements by people who ought to know better. It is too much to expect these "experts" to publicly revise their opinions, but perhaps going forward they can begin gradually to bring their claims into line with reality.

=======================================================================

An Open and Interoperable Foundation for Secure Computing

By John Manferdelli, General Manager, Windows Trusted Platform Technologies
Microsoft Corporation

The Next-Generation Secure Computing Base (NGSCB) is part of Microsoft’s long-term effort to deliver on our vision of Trustworthy Computing. We are pleased that independent observers and many journalists continue to show interest in NGSCB and what it will enable.

While much of the response has been positive, especially among analysts, security experts and people concerned with privacy, we recognize that there are still questions about NGSCB, and still a great deal of misunderstanding and speculation around our intentions.

In this newsletter I’d like to set the record straight on one of the more common and persistent concerns, specifically that the NGSCB architecture will limit the things that people can do with computers by forcing them to run only “approved” software, or software that is digitally signed. In fact, NGSCB intends to do no such thing.

It is important to understand that NGSCB is operating system technology. Just as anyone can build a program to run on Windows today using widely-published APIs, they will be able to build new programs tomorrow that take advantage of the NGSCB architecture when it is included in a future version of Windows. How these new programs are built — and what they will require of the user — are questions for the application developer to answer.
But NGSCB inherently has no requirements forcing approval of code, digital signatures, or any other such qualifying mechanism. NGSCB will run any software that is built to take advantage of its capabilities, and it will only run with the user’s approval. Moreover, even when NGSCB is running, programs that are not using NGSCB features will operate just as they do today.

It is true that NGSCB functionality can be used by an application (written by anyone) to enforce a policy that is agreed to by a user and a provider, including policies related to other software that the application can “load.” Such a policy could, for example:

- Govern how private information is used by software
- Prevent malicious code from snooping private information, stealing keys, or corrupting important information (i.e., banking transaction data)
- Govern how intellectual property running inside the application can be used

Policies like these could be set by the user at his or her sole discretion, or they could be set in a manner mutually agreed to by a user and one or more parties. However, NGSCB does no screening of application components or content, and if any “screening” took place, it would be within the isolated bounds of an application running under NGSCB. Moreover, no NGSCB application can “censor” content played by another NGSCB application.

Policy in the Hands of the User

The extent to which the NGSCB will be beneficial will largely depend on the wisdom of the policies that people choose to embrace. We are designing NGSCB to give individuals visibility to the policies available to them in the programs they run, as well as control over how they proceed.
By offering new features to enhance privacy, security and system integrity, we can foresee NGSCB enabling a wide range of beneficial scenarios, including the following:

- Helping to protect personal medical information
- Preventing a bad application from interfering with a banking transaction
- Preventing viruses from harming programs or data
- Preventing unauthorized people or applications from accessing a computer remotely and carrying out unauthorized actions

My colleagues and I appreciate your interest in the work we are doing. We know we still have a lot of work to do, and value the beneficial influence that discussion and debate provide as we strive to deliver trustworthy computing technologies.

- John Manferdelli