>There isn't really any security benefit obtained by hiding >the content of the attestation _from the party providing it_!
This statement reveals confusion between the "parties". There are at least three parties involved in an attestation: * The DRM'd product vendor (somewhere on the net) * The consumer (sitting at their PC) * The PC hardware and software vendors (building attestation in) There are strong reasons to hide the content of the attestation -- or even its mere existence -- from the consumer party. If consumers knew their PCs were spying on them and letting vendors say, "Sorry, our server is down today" not because the server is down, but because the consumer's PC is blacklisted, then consumers would be upset. It's a much simpler "customer relations" problem if it just doesn't happen to work, without the consumer ever finding out that they live in a redlined neighborhood and it will NEVER work for them. It's really easy to infer that DRM problems are going to be deliberately inscrutable. You don't see DRM vendors advertising the restrictions on their products. These restrictions aren't in boldface in the table of contents. They're hidden deep in the guts of the manual, if they appear at all. (In the list of error messages is where you usually find 'em, with a very brief mention.) It's the consumer's fault, or their ISP's fault, or somebody else's, if the site doesn't work for you. If your DAT recorder won't record, you must have cabled it up wrong. If your HDTV won't work, you ran it through your VCR by mistake. And if your music site won't download to you, you must have installed your software wrong, or there's a firewall problem, or your codecs are incompatible, or something. When the entire goal is to covertly change consumer behavior, by making things that are utterly legal simply NOT WORK, plain language about the restrictions has no place. Consumer problems caused by DRM are seldom advertised, documented, or reported as the DRM's fault. You can get a similar effect merely by turning off cookies and JavaScript today. (You *do* use a browser that has simple switches to turn these off, right? Mozilla is your friend, and it runs on your platform.) Web sites will start to fail at random, in inscrutable ways. Only about 1% of them will tell you "This site requires JavaScript" -- and of those that do, only about a quarter of them actually do require it. John Gilmore --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]