Re: Microsoft: Palladium will not limit what you can run
On Sat, 2003-03-15 at 05:12, Eugen Leitl wrote: > On Sat, 15 Mar 2003, Anonymous wrote: > > > Microsoft's point with regard to DRM has always been that Palladium had > > other uses besides that one which everyone was focused on. Obviously > > Of course it's useful. Does the usefulness outweigh the support for > special interests (DRM, governments, software monopolies)? There is no > value for the end user which can't be achieved with smart cards, which > have the additional potential of being removable and transportable. I have my own problems with Pd, but I'm not sure how remote attestation can be achieved without something like Pd or TCPA. And remote attestation is quite useful (although also dangerous) for online gaming, and distributed computing. -- -Dave Turner Stalk Me: 617 441 0668 "On matters of style, swim with the current, on matters of principle, stand like a rock." -Thomas Jefferson - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: Microsoft: Palladium will not limit what you can run
Bill Stewart writes: > >On Thursday, Mar 13, 2003, at 21:45 US/Eastern, Jay Sulzberger wrote: > >>The Xbox will not boot any free kernel without hardware modification. > >>The Xbox is an IBM style peecee with some feeble hardware and software > >>DRM. > > But is the Xbox running Nag-Scab or whatever Palladium was renamed? > Or is it running something of its own, perhaps using some similar > components? The Xbox is definitely not based on NGSCB; Microsoft told EFF very clearly last year that Palladium was still being designed and hadn't gone into manufacturing. The Xbox was certainly being sold then. The Xbox was analyzed by Andrew "bunnie" Huang, who found that it was using a sui generis security system. ftp://publications.ai.mit.edu/ai-publications/2002/AIM-2002-008.pdf -- Seth David Schoen <[EMAIL PROTECTED]> | Very frankly, I am opposed to people http://www.loyalty.org/~schoen/ | being programmed by others. http://vitanuova.loyalty.org/ | -- Fred Rogers (1928-2003), |464 U.S. 417, 445 (1984) - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: Microsoft: Palladium will not limit what you can run
Anish asked for references to Palladium. Using a search engine to find things with "palladium cryptography wasabisystems" or "palladium cypherpunks" will find a bunch of pointers to articles, some of them organized usefully. On Thursday, Mar 13, 2003, at 21:45 US/Eastern, Jay Sulzberger wrote: The Xbox will not boot any free kernel without hardware modification. The Xbox is an IBM style peecee with some feeble hardware and software DRM. But is the Xbox running Nag-Scab or whatever Palladium was renamed? Or is it running something of its own, perhaps using some similar components? At 12:38 AM 03/14/2003 -0500, Jeroen C. van Gelderen wrote: and sold by Microsoft below cost (aka subsidized). With the expectation that you will be buying Microsoft games to offset the initial loss. (You don't have a right to this subsidy, it is up to Microsoft to set the terms here.) It doesn't need to be below cost; Walmart was selling machines with capabilities fairly similar to the Xbox for less, and they certainly don't do anything below cost. (This was the ~$200 Linux PCs.) Now, the amortized development cost of those PCs is probably less than that of X-box, and they were a bit less compact hardware (though Xbox is pretty much of a porker compared to most of the other gamer boxes), and of course the "cost" of the Xbox might include some amortized cost of developing whichever Windows variation it uses, while Walmart didn't have that cost. - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: Microsoft: Palladium will not limit what you can run
> All video game > consoles are sold under cost today. This is wrong. Cf, http://www.actsofgord.com/Proclamations/chapter02.html /r$ - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: Microsoft: Palladium will not limit what you can run
Jeroen C. van Gelderen schrieb am Fri, Mar 14, 2003 at 12:38:14AM -0500: [...] > > Obviously a vendor can restrict what kind of software runs on the > hardware he sells, either by contract or trough technical means. In the > latter case the consumer is of course free to circumvent the barriers, > provided that he lives in a free country. If he doesn't like the > vendor's policy, he is of course free to vote with his wallet. If all vendors have agreed to the same policy [TCPA] you may experiece problems when trying to manufacture your own MB/cpu at home. Voting does not make sense without alternatives. So DRM with collusion of too many vendors will be a problem that even market forces cannot solve easily if it is hard for newcomers to enter the market segment (who has the money to set up a chip plant?). Birger - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: Microsoft: Palladium will not limit what you can run
On Sat, 15 Mar 2003, Anonymous wrote: > Microsoft's point with regard to DRM has always been that Palladium had > other uses besides that one which everyone was focused on. Obviously Of course it's useful. Does the usefulness outweigh the support for special interests (DRM, governments, software monopolies)? There is no value for the end user which can't be achieved with smart cards, which have the additional potential of being removable and transportable. > they fully expect people to use the technology. > > I'm not sure where you get the part about it being deployed under costs. > Is this more of the XBox analogy? That's a video game system, where No, I meant it's a nonnegligible incremental cost on the system. It increases the chipcount and/or the design complexity, and requires strong encryption on interchip and intercomponent bus traffic. I don't know what the increased cost on a motherboard is, but it's probably in the dollar range at least. Very nonegligible for an industry learned caution by low profit margins. There's clearly a long-term political motivation present. > the economics are totally dissimilar to commodity PC's. All video game > consoles are sold under cost today. PCs generally are not. This is a > misleading analogy. I notice that the technology is primarily rolled out in high-margin areas first like notbooks (and in game consoles where considerable front investments need to be protected). > In any case, DRM does not limit what programs people can run, at least > not to a greater degree than does any program which encrypts its data. This is a gross misrepresentation. Content (whether executable code or media, it doesn't really matter as the difference is blurring) can be keyed to individual machines. This kills copying. There's an intense battle going on between open science proponents and the likes of Elsevier. Distribution range of documents can be limited. Access to documents can be limited to specific time window. Secrets inserted at manufacture time ask for legislation demanding subpoenable records. Hardware can be made which prefers a specific vendor by selective disclosure of information. Capability for strong authentication asks for legislation making it nonfacultative, basically outlawing anonymity. Etc. etc. There are many way by which this envelope of technologies here informally called Pd will limit dissemination of information and increase control on side of governments and large companies. Above off-the-cuff list indicates it's a giant, yet untapped can of worms. Unlike subsidized smartcard readers to initial fax effect the user can only lose. > > Right. It's all completely voluntary. There will be no attempts whatsoever > > to lock-in, despite decades of attempts and considerable economic > > interests involved. > > Yes, it is completely voluntary, and we should all remain vigilant to > make sure it stays that way. And no doubt there will be efforts to > lock-in customers, just as there have been in the past. There is no > contradiction between these two points. This is an intensely political technology, and as such ignoring the political component by just focusing on fair and useful side of it will result in a very skewed estimate of its future impacts. It doesn't pay to be naive. Under the circumstances, it is much better to just block it. - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
RE: Microsoft: Palladium will not limit what you can run
AARG!, having burned the nym with the moderator of this list and who is therefore now posting via the Hermes remailer commented on Microsoft, which similarly burned the Palladium name, claims: > Hopefully this will shed light on the frequent claims that > Palladium will limit what programs people can run, or "take > over root" on your computer, and similar statements by people > who ought to know better. It is too much to expect these > "experts" to publicly revise their opinions, but perhaps > going forward they can begin gradually to bring their claims > into line with reality. Part of me wonders if it worth my time to reply to this post, but what the heck, I'll take it. So let's talk about reality. It is true, at least for the moment, that Intel's La Grande initiative, which provides the hardware foundation for Palladium, just locks pages in memory that are designate as such by the application. It if further true that Palladium, as the aforementioned OS component, just designates certain blobs of data to be inaccessible to the user who has Ring 0 privileges. Whether Palladium takes over root on a computer or merely prevents the legitimate purchaser of a PC who otherwise has required privileges from performing certain actions on the PC that he legally owns with the data he lawfully created may be a matter of philosophical debate. For conciseness and clarity it suffices to say that the owner of a PC will not have root privileges on a PC on which Palladium is active and in force. No Microsoft press release can possibly alter this fact, since this restriction is fundamental to Palladium having any value at all to any entities. As Microsoft's John Manferdelli wrote: "How these new programs are built - and what they will require of the user - are questions for the application developer to answer." What John means is that Palladium in and by itself will not limit what applications you can run. Which is mostly true for the first phase. But if, in addition to Palladium, you would like to run application by vendors concerned about law-abiding, but undesirable, information flow, then you will find that the applications that you would like to run in addition to the above won't perform as expected. --Lucky - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: Microsoft: Palladium will not limit what you can run
Eugen Leitl writes: > Unfortunately no one can accept in good faith a single word coming out of > Redmond. Biddle has been denying Pd can be used for DRM in presentation > (xref Lucky Green subsequent patent claims to call the bluff), however in > recent (of this week) Focus interview Gates explicitly stated it does. I don't know what Gates said in this "Focus interview" but you have misstated the history here. Microsoft has never denied that Palladium can be used for DRM. Rather, the issue with regard to Lucky Green's supposed patent application (whatever happened to that, anyway?) was whether Palladium would be used for software copy protection. Microsoft said that they couldn't think of any way to use it for that purpose. See http://www.mail-archive.com/[EMAIL PROTECTED]/msg02554.html. > Let's see, we have an ubiquitous built-in DRM infrastructure, developed > under great expense and deployed under costs in an industry turning over > every cent twice, and no-one is going to use it ("Palladium will limit > what programs people can run")? Microsoft's point with regard to DRM has always been that Palladium had other uses besides that one which everyone was focused on. Obviously they fully expect people to use the technology. I'm not sure where you get the part about it being deployed under costs. Is this more of the XBox analogy? That's a video game system, where the economics are totally dissimilar to commodity PC's. All video game consoles are sold under cost today. PCs generally are not. This is a misleading analogy. In any case, DRM does not limit what programs people can run, at least not to a greater degree than does any program which encrypts its data. > Right. It's all completely voluntary. There will be no attempts whatsoever > to lock-in, despite decades of attempts and considerable economic > interests involved. Yes, it is completely voluntary, and we should all remain vigilant to make sure it stays that way. And no doubt there will be efforts to lock-in customers, just as there have been in the past. There is no contradiction between these two points. - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: Microsoft: Palladium will not limit what you can run
Hermes Remailer wrote: >Hopefully this will shed light on the frequent claims that Palladium will >limit what programs people can run, [...] That's a strawman argument. The problem is not that Palladium will *itself* directly limit what I can run; the problem is what Palladium enables. Why are you focusing on strawmen? Why did you omit the real concerns about technology like Palladium? Palladium could enable big vendors to limit what applications I can run. Palladium could enable big vendors to behave anti-competitively. Palladium could enable big vendors to build document formats that aren't interoperable with open-source software. Palladium could be a net negative for consumers. Many of these risks are already possible today without Palladium, but Palladium may increase the risks. These risks are by no means guaranteed to occur, but they are a real risk. Shouldn't we think carefully about this technology before we deploy it? Shouldn't we at least consider these risks? - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: Microsoft: Palladium will not limit what you can run
Hi all, I would be really glad to know more on Pallidium .I have tried to get some info but havent been able to get much. I would be really thankful if some one could give me some pointers.This is inspite of having sat through two lectures one from Graeme Proudler(H.P. Research Labs),and Fabien Petitcolas ( Microsoft research , the title of the talk was ,A brief overview of Palladium ). thanks in advance regards anish - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: Microsoft: Palladium will not limit what you can run
On Thursday, Mar 13, 2003, at 21:45 US/Eastern, Jay Sulzberger wrote: On Thu, 13 Mar 2003, Hermes Remailer wrote: The following comes from Microsoft's recent mailing of their awkwardly named "Windows Trusted Platform Technologies Information Newsletter March 2003". Since they've abandoned the Palladium name they are forced to use this cumbersome title. Hopefully this will shed light on the frequent claims that Palladium will limit what programs people can run, or "take over root" on your computer, and similar statements by people who ought to know better. It is too much to expect these "experts" to publicly revise their opinions, but perhaps going forward they can begin gradually to bring their claims into line with reality. The Xbox will not boot any free kernel without hardware modification. The Xbox is an IBM style peecee with some feeble hardware and software DRM. and sold by Microsoft below cost (aka subsidized). With the expectation that you will be buying Microsoft games to offset the initial loss. (You don't have a right to this subsidy, it is up to Microsoft to set the terms here.) A Palladiated box is an IBM style peecee with serious hardware and software DRM. and sold by numerous vendors. With no expectations like the ones above. So, a fortiori, your claim is false. So, a fortiori you are comparing apples with oranges. Or you may have left out the part of your argument that bridges this gap. Obviously a vendor can restrict what kind of software runs on the hardware he sells, either by contract or trough technical means. In the latter case the consumer is of course free to circumvent the barriers, provided that he lives in a free country. If he doesn't like the vendor's policy, he is of course free to vote with his wallet. Your conclusion may or may not be warranted but it can definitely not be drawn from this 3-sentence argument. Cheers, -J -- Jeroen C. van Gelderen - [EMAIL PROTECTED] "They accused us of suppressing freedom of expression. This was a lie and we could not let them publish it." -- Nelba Blandon, Nicaraguan Interior Ministry Director of Censorship - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: Microsoft: Palladium will not limit what you can run
Unfortunately no one can accept in good faith a single word coming out of Redmond. Biddle has been denying Pd can be used for DRM in presentation (xref Lucky Green subsequent patent claims to call the bluff), however in recent (of this week) Focus interview Gates explicitly stated it does. This is merely a most recent lie in a long sequence of it. Operating from behind an anonymous remailer doesn't quite have the same handicap as having microsoft.com as part of your email address, but the heavy spinmeistering does reveal the origin as reliably. You can use your real emal address next time. Let's see, we have an ubiquitous built-in DRM infrastructure, developed under great expense and deployed under costs in an industry turning over every cent twice, and no-one is going to use it ("Palladium will limit what programs people can run")? Right. It's all completely voluntary. There will be no attempts whatsoever to lock-in, despite decades of attempts and considerable economic interests involved. On Thu, 13 Mar 2003, Hermes Remailer wrote: > Hopefully this will shed light on the frequent claims that Palladium will > limit what programs people can run, or "take over root" on your computer, > and similar statements by people who ought to know better. It is too > much to expect these "experts" to publicly revise their opinions, but > perhaps going forward they can begin gradually to bring their claims > into line with reality. - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: Microsoft: Palladium will not limit what you can run
On Thu, 13 Mar 2003, Hermes Remailer wrote: > The following comes from Microsoft's recent mailing of their awkwardly > named "Windows Trusted Platform Technologies Information Newsletter > March 2003". Since they've abandoned the Palladium name they are forced > to use this cumbersome title. > > Hopefully this will shed light on the frequent claims that Palladium will > limit what programs people can run, or "take over root" on your computer, > and similar statements by people who ought to know better. It is too > much to expect these "experts" to publicly revise their opinions, but > perhaps going forward they can begin gradually to bring their claims > into line with reality. The Xbox will not boot any free kernel without hardware modification. The Xbox is an IBM style peecee with some feeble hardware and software DRM. A Palladiated box is an IBM style peecee with serious hardware and software DRM. So, a fortiori, your claim is false. oo--JS. > > An Open and Interoperable Foundation for Secure Computing > > By John Manferdelli, General Manager, Windows Trusted Platform Technologies > Microsoft Corporation > > The Next-Generation Secure Computing Base (NGSCB) is part of Microsofts > long-term effort to deliver on our vision of Trustworthy Computing. We > are pleased that independent observers and many journalists continue > to show interest in NGSCB and what it will enable. While much of the > response has been positive, especially among analysts, security experts > and people concerned with privacy, we recognize that there are still > questions about NGSCB, and still a great deal of misunderstanding and > speculation around our intentions. > > In this newsletter Id like to set the record straight on one of the more > common and persistent concerns, specifically that the NGSCB architecture > will limit the things that people can do with computers by forcing them > to run only approved software, or software that is digitally signed. > In fact, NGSCB intends to do no such thing. It is important to understand > that NGSCB is operating system technology. Just as anyone can build a > program to run on Windows today using widely-published APIs, they will > be able to build new programs tomorrow that take advantage of the NGSCB > architecture when it is included in a future version of Windows. How these > new programs are built and what they will require of the user are > questions for the application developer to answer. But NGSCB inherently > has no requirements forcing approval of code, digital signatures, or > any other such qualifying mechanism. NGSCB will run any software that is > built to take advantage of its capabilities, and it will only run with > the users approval. Moreover, even when NGSCB is running, programs that > are not using NGSCB features will operate just as they do today. It is > true that NGSCB functionality can be used by an application (written by > anyone) to enforce a policy that is agreed to by a user and a provider, > including policies related to other software that the application can > load. Such a policy could, for example: > > - Govern how private information is used by software > - Prevent malicious code from snooping private information, stealing keys, > or corrupting important information (i.e., banking transaction data) > - Govern how intellectual property running inside the application can > be used > > Policies like these could be set by the user at his or her sole > discretion, or they could be set in a manner mutually agreed to by > a user and one or more parties. However, NGSCB does no screening of > application components or content, and if any screening took place, > it would be within the isolated bounds of an application running under > NGSCB. Moreover, no NGSCB application can censor content played by > another NGSCB application. > > Policy in the Hands of the User > > The extent to which the NGSCB will be beneficial will largely depend on > the wisdom of the policies that people choose to embrace. We are designing > NGSCB to give individuals visibility to the policies available to them > in the programs they run, as well as control over how they proceed. By > offering new features to enhance privacy, security and system integrity, > we can foresee NGSCB enabling a wide range of beneficial scenarios, > including the following: > > - Helping to protect personal medical information > - Preventing a bad application from interfering with a banking transaction > - Preventing viruses from harming programs or data > - Preventing unauthorized people or applications from accessing a computer > remotely and carrying out unauthorized actions > > My colleagues and I appreciate your interest in the work we are doing. We > know we still have a lot of work to do, and value the beneficial influence > that discussion and debate provide as we strive to deliver trustworthy > computing technologies. > > - John Manferdelli ---