On 11 Aug 2002, David Wagner wrote: > Ben Laurie wrote: > >Mike Rosing wrote: > >> The purpose of TCPA as spec'ed is to remove my control and > >> make the platform "trusted" to one entity. That entity has the master > >> key to the TPM. > >> > >> Now, if the spec says I can install my own key into the TPM, then yes, > >> it is a very useful tool. > > > >Although the outcome _may_ be like this, your understanding of the TPM > >is seriously flawed - it doesn't prevent your from running whatever you > >want, but what it does do is allow a remote machine to confirm what you > >have chosen to run. > > > >It helps to argue from a correct starting point. > > I don't understand your objection. It doesn't look to me like Rosing > said anything incorrect. Did I miss something? > > It doesn't look like he ever claimed that TCPA directly prevents one from > running what you want to; rather, he claimed that its purpose (or effect) > is to reduce his control, to the benefit of others. His claims appear > to be accurate, according to the best information I've seen.
In a way everybody is right. It's true that TPM doesn't interfere with operating code - it interferes with the user controlling the way the code operates. For a remote machine to *know* that a TPM is doing what it says, the user of the remote machine must be denied access (physcially) from the operating code. I don't see any way around that physical reality. We can go on forever about the social implications (and I hope we will :-) but I don't see a flaw in my basic understanding. Now, if the remote machine and I have predefined trust, then I can use regular PKI and I don't need TCPA or a TPM. It seems to me the fundamental question is still who is charge of what. Patience, persistence, truth, Dr. mike
