On Fri, 9 Jan 2004, Scott Guthery wrote: > Let's strive for a little technical accuracy here. > > You don't hand over control of your system to MS. You hand it over to > the TCPA Privacy Certificate Authority. This could be you. This could > be MGM. It could be your local police department. It could be your > employer. It could be your favorite sports team. It will probably be > the manufacturer (OK, assembler) of the platform, i.e. IBM, Dell, HP, > etc. It is very unlikely that it will be MS.
Unless you need that security update to fix the vulnerability... Who do you think owns the TCPA ... (at least is the 800 pound gorilla in the thing) The likelyhood that it will be the owner is slim to none. Once the certificate is in place you have no control over the updates/patches. You have to have the certificate in place to install the software (at least if it is MS software). And you still loose the ability to repair the hardware. Think what happens if the motherboard goes south. You need a new certificate... and new software... And the likelyhood of Dell/HP/manufacturer will NOT use a MS certificate is so close to zero that it won't make any difference. After all, they don't want to have to deal with generating patch signatures, perform certificate management, ... And have you considered what happens if your vendor DOES perform these functions? If the vendor goes bust, you are dead in the water. Don't pay to keep the certificate valid... and it gets revoked... you are dead in the water again. And I suspect, MS software won't even run... Talk about a customer lock in. It is no wonder MS wants this shoved down our throat. It also completly kills the resale value of the hardware (another desirable feature from MS point of view). Some of this won't happen right away.. give MS some time to get everybody suckered in first. The base hardware description doesn't really look that bad. Unfortunately there are so many "undocumented" side effects possible that I don't trust it for anything. > Of course, a number of additional parties have to trust your Privacy CA > before you have an up-and-running TCPA platform and if they don't trust > the Hillside Bombers then you are dead in the water. BS. If they want my money, then they will trust me. If they don't, then don't bother me. And they are ALL in MS hip pocket. > You can also simply turn it off if you like. Of course the consequence > may be that you can't download reruns of Leave It To Beaver but life is > like that. Actually -- I don't want to pay for it in the first place. Second, I'm not sure you will be able to turn it off. Once it is in place MS software will dammn sure check to make sure it is on, or it won't function, in spite of words to the contrary. I might be willing to use the capability, but only if I fully control the capability. As in being able to load MY certificates, My security program, My OS. BTW, has anybody taken out bets on how long it will take before it is hacked? I give it 6 months - after all, the worst security programmers in the world are implementing the thing. And no - I DON'T trust MS. And I think there are fewer and fewer countries that do either. I may have to buy motherboards from Tiwan/Japan Korea instead of from US vendors. As well as buy non Intel/AMD processors. ------------------------------------------------------------------------- Jesse I Pollard, II Email: [EMAIL PROTECTED] Any opinions expressed are solely my own. _______________________________________________ Muscle mailing list [EMAIL PROTECTED] http://lists.musclecard.com/mailman/listinfo/muscle
