Let's strive for a little technical accuracy here. You don't hand over control of your system to MS. You hand it over to the TCPA Privacy Certificate Authority. This could be you. This could be MGM. It could be your local police department. It could be your employer. It could be your favorite sports team. It will probably be the manufacturer (OK, assembler) of the platform, i.e. IBM, Dell, HP, etc. It is very unlikely that it will be MS.
Of course, a number of additional parties have to trust your Privacy CA before you have an up-and-running TCPA platform, and if they don't trust the Hillside Bombers then you are dead in the water. You can also simply turn it off if you like. Of course the consequence may be that you can't download reruns of Leave It To Beaver, but life is like that.

Cheers,
Scott

-----Original Message-----
From: Jesse I Pollard [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 09, 2004 2:10 PM
To: [EMAIL PROTECTED]
Subject: Re: [Muscle] Smartk, a smart card framework for the Linux Kernel

On Fri, 9 Jan 2004, Bettina Martelli wrote:
> Hello, Roberto, Ludovic, and Jesse,
> hello list,
>
> Jesse I Pollard wrote:
>
> > On Thu, 8 Jan 2004, Ludovic Rousseau wrote:
> >
> > > On Thursday 08 January 2004 at 16:57:33, Roberto Gassira' wrote:
> > >
> > > > On Thu, 8 Jan 2004, Jesse I Pollard wrote:
> > > >
> > > > > 3) The integration of a kernel-level architecture and a user-level
> > > > >    smart card interface is unsafe and impractical.
> > >
> > > That's still to be demonstrated.
> > > I don't know how you can use a Unix system if you don't trust at
> > > least some processes/programs in user space.
> >
> > Problem has been worked on in much detail... Common Criteria, the US
> > Orange Book...
> >
> > The easiest is to use compartments and assigned roles, with each
> > controlled executable carrying a label that determines access rights (both
> > execute, read OR write). Or the older access matrix using
> > multi-level security (compartments and levels, augmented with roles).
>
> may I also add ... TCPA? ;-)
>
> It looks to me like an attempt to build a trusted Linux with a smart
> card based TCM.
> Maybe a good idea, as an alternative to a fixed TPM.
> It's not a coincidence that Roberto cited Arbaugh, the one critic of
> TCPA who proposed a modification instead of the complete rejection of
> TCPA. :-)

...

Personally, I think TCPA is a MS get-out-of-jail due to their inability to write a secure OS.

All the TCPA really does is implement a trusted kernel to run a non-trusted OS (anybody recognize "microkernel" in this?). And prevent ANY access to the system other than theirs. And except for the boot procedure, I don't see any significant difference.

<paranoid mode on>MS wants to own the entire computer industry and outlaw any programmers other than their own...</paranoid mode> :-)

The real vulnerability in TCPA is MS's own -- the first of these systems that gets hacked will open ALL the other systems using it (when MS driven, that is).

My major objection is that it requires handing over control of your system to MS.

> on 08.01.04 16:57 Roberto Gassira' wrote:
>
> > William Arbaugh et al. proposed an architecture that features a
> > chain of verification of the integrity of the several levels of a
> > system starting from the BIOS [2] (including the system kernel).
> > They also improved this architecture, allowing the usage of a smart
> > card as key storage [3].
> >
> > ....
> >
> > [2] W. Arbaugh, D. Farber, J. Smith (1997). "A Secure and
> >     Reliable Bootstrap Architecture", Proceedings of the 1997 IEEE
> >     Symposium on Security and Privacy, pp. 65--71

(I left this on for future reference :-)

-------------------------------------------------------------------------
Jesse I Pollard, II
Email: [EMAIL PROTECTED]

Any opinions expressed are solely my own.

_______________________________________________
Muscle mailing list
[EMAIL PROTECTED]
http://lists.musclecard.com/mailman/listinfo/muscle
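The thread above talks past each other about what a "chain of verification of the integrity of the several levels of a system starting from the BIOS" (Arbaugh et al.) or a "trusted kernel to run a non-trusted OS" (TCPA) actually buys you. The following is an added example, written for this page and not taken from the thread, from Arbaugh's paper or from the TCPA specification. It simulates a measured boot in Python: each stage is hashed and folded into a platform configuration register with a PCR-style extend (new = H(old || H(stage))), the stages are recorded in an event log, and a relying party replays the log and compares each stage against its own known-good list. Everything is constructed: the stage "images" are placeholder byte strings, SHA-256 is used instead of the SHA-1 that TCPA 1.1-era hardware used, and the register being held by a component the OS cannot write to is assumed rather than enforced, since a plain Python variable has no such protection. The reference list is a stand-in for whatever policy the verifier enforces; it is not a model of the Privacy CA's role.

```python
import hashlib


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def extend(pcr: bytes, measurement: bytes) -> bytes:
    # PCR-style extend: new = H(old || measurement). The register is
    # append-only and order-dependent, so a later stage cannot "un-measure"
    # an earlier one or rearrange the history.
    return sha256(pcr + measurement)


# Constructed sample boot chain: placeholder byte strings standing in for
# firmware and kernel images, not real code. Each stage measures the next
# before handing control to it, as in Arbaugh's bootstrap architecture.
GOOD_CHAIN = [
    ("bios",       b"BIOS image v1.0 (constructed sample)"),
    ("bootloader", b"boot loader stage (constructed sample)"),
    ("kernel",     b"kernel image (constructed sample)"),
    ("initrd",     b"initial ramdisk (constructed sample)"),
]


def measure_boot(chain):
    """Simulate boot-time measurement. Returns (final_pcr, event_log), where
    the log holds one (stage_name, digest) entry per stage in boot order.
    Assumption: only the measuring component can write the register."""
    pcr = bytes(32)  # register is all zeros after platform reset
    log = []
    for name, image in chain:
        digest = sha256(image)
        log.append((name, digest))
        pcr = extend(pcr, digest)
    return pcr, log


def replay_log(log):
    """Verifier side: recompute the register value a given event log implies."""
    pcr = bytes(32)
    for _, digest in log:
        pcr = extend(pcr, digest)
    return pcr


def verify(reported_pcr, reported_log, reference_log):
    """Relying-party decision. reference_log is the known-good list of
    (stage_name, digest) pairs this verifier accepts (a stand-in for its
    policy). Returns (ok, reason): reason is None on success, otherwise the
    first stage that diverged or the inconsistency that was found."""
    # 1. The log must reproduce the register; otherwise the log is forged.
    if replay_log(reported_log) != reported_pcr:
        return False, "log does not reproduce reported PCR"
    # 2. Every stage must match policy; name the first one that does not.
    for (name, digest), (ref_name, ref_digest) in zip(reported_log, reference_log):
        if name != ref_name or digest != ref_digest:
            return False, name
    if len(reported_log) != len(reference_log):
        return False, "chain length"
    return True, None


def tamper(chain, stage, new_image):
    """Return a copy of the chain with one stage's image replaced."""
    return [(n, new_image if n == stage else img) for n, img in chain]


GOOD_PCR, GOOD_LOG = measure_boot(GOOD_CHAIN)


def honest_report(chain):
    """A platform that reports exactly the log it measured."""
    pcr, log = measure_boot(chain)
    return verify(pcr, log, GOOD_LOG)


def forged_log_report(chain):
    """A platform that booted `chain` but claims the known-good log. Because
    the register was extended by the measuring component, the claimed log
    cannot be made to agree with it."""
    pcr, _ = measure_boot(chain)
    return verify(pcr, GOOD_LOG, GOOD_LOG)


if __name__ == "__main__":
    bad = tamper(GOOD_CHAIN, "kernel", b"trojaned kernel (constructed sample)")
    print("good platform:", honest_report(GOOD_CHAIN))
    print("trojaned kernel, honest log:", honest_report(bad))
    print("trojaned kernel, forged log:", forged_log_report(bad))
```

Running it shows the two failure modes a verifier can distinguish: a modified kernel with an honest log is rejected at the "kernel" stage, and a modified kernel with a copied known-good log is rejected because the log no longer replays to the reported register value. What the simulation cannot show is the part the thread is really arguing about: whether the component holding the register, and the party whose reference list it is compared against, deserve that trust in the first place.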
