Nomen Nescio wrote:
>Carl Ellison suggested an alternate way that TCPA could work to allow
>for revoking virtualized TPMs without the privacy problems associated
>with the present systems, and the technical problems of the elaborate
>cryptographic methods.
[...]
>Instead of burning only one key into the TPM, burn several. Maybe even
>a hundred. And let these keys be shared with other TPMs. Each TPM has
>many keys, and each key has copies in many TPMs.
>
>Now let the TPMs use their various keys to identify themselves in
>transactions on the net. Because each key belongs to many different
>TPMs, and the set of TPMs varies for each key, this protects privacy.
>Any given usage of a key can be narrowed down only to a large set of
>TPMs that possess that key.

One challenge is that, if I can interact with the same TPM many times and convince it to use a different signing key each time, I can learn its entire set of signing keys and thereby have a reliable identity marker. One way to convince a TPM to use a different key each time might be to present a different revocation list each time. It's not clear to me exactly how to defend against this sort of attack.
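
The privacy loss discussed in this message can be quantified with a small model. The following is an added example, not part of the original post or of any TCPA/TPM specification: it tracks how the set of TPMs consistent with the observed keys shrinks as more keys from one device are seen. The population size, key-pool size, keys per TPM and the uniformly random key assignment are all assumptions chosen for illustration, and the way keys come to be observed is not modeled.

```python
import random

def build_population(num_tpms, pool_size, keys_per_tpm, rng):
    """Give each TPM a random subset of a shared key pool (assumed model)."""
    return [frozenset(rng.sample(range(pool_size), keys_per_tpm))
            for _ in range(num_tpms)]

def anonymity_set_sizes(population, observed_keys):
    """Size of the candidate set after each additional observed key.

    A TPM stays a candidate only while it holds every key seen so far,
    so the candidate set is the intersection of the per-key holder sets.
    """
    candidates = set(range(len(population)))
    sizes = []
    for key in observed_keys:
        candidates = {i for i in candidates if key in population[i]}
        sizes.append(len(candidates))
    return sizes

def keys_until_unique(sizes):
    """Number of observed keys needed before one candidate remains, or None."""
    for count, size in enumerate(sizes, start=1):
        if size == 1:
            return count
    return None

def simulate(num_tpms=1000, pool_size=2000, keys_per_tpm=100, seed=1):
    """Constructed scenario: TPM 0 reveals its keys one at a time."""
    rng = random.Random(seed)
    population = build_population(num_tpms, pool_size, keys_per_tpm, rng)
    order = sorted(population[0])   # keys held by the observed TPM
    rng.shuffle(order)              # order in which they are revealed
    return anonymity_set_sizes(population, order)

if __name__ == "__main__":
    sizes = simulate()
    print("anonymity set after 1 key:", sizes[0])
    print("after 2, 3, 4 keys:", sizes[1:4])
    print("keys needed to single out the TPM:", keys_until_unique(sizes))
```

With these assumed parameters a single key is shared by roughly num_tpms * keys_per_tpm / pool_size devices, and each further key cuts the candidate set by about the same factor, so a design review should budget how many distinct keys one verifier can ever see from the same device.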