On Mon, 2005-11-14 at 09:32 +0100, Bas Wijnen wrote: > This is not about things for customers, it's about things for service > providers. I know in some cases the line between them is blurry. > > Say I provide a service to people who don't know you, for example web > hosting. Assume that you want to use my service for your company, and that > you want to put some internal secret company data in a protected section of > your site. You will want to make sure that unauthorized people cannot access > that data, and that includes me. So if I don't prove to you that I am unable > to access it, you will not do business with me, or at least not put that data > on it. Then we both lose....
The service provisioning business is one of the postive uses of TPM technology that I can see. And this is a great example where the system administrator is not really trusted. However, the incentive is a little stronger than you suggest. If a service provider business emerges, and the open source community has decided NOT to support attestation in some form, then one of two things will happen: 1. Somebody will add it in, or 2. Customers will be forced to use non-open systems The competitive issue here is serious. However, this is also an example where the provider can consent on a case by case basis. For example, they might say "I will respond to attestation requests for certain things, but not my music player". shap _______________________________________________ L4-hurd mailing list [email protected] http://lists.gnu.org/mailman/listinfo/l4-hurd
