[ltp] TCPA on Thinkpads

Tod Harter linux-thinkpad@linux-thinkpad.org
Wed, 19 Mar 2003 22:09:19 -0500 

Yet Palladium inherently needs to build on something like TCPA. Granted you 
could implement it in software only, but realistically it wouldn't be too 
long before people got tired of having to remember their 128 character 
passphrases to unlock their keys just so they could listen to Dire Straights 
"Money for Notheg" on their MP500...

Your analogy to the knife is fine, but the founding fathers in this country 
saw fit to give EVERYONE guns, not just the government, and there was a good 
reason for that! TCPA is like a gun, and its in the hand of the software 
vendor when its coupled with Palladium, which it WILL be. The economic 
argument is clear and compelling.

I wouldn't put guns only in the hands of the enemy (and everyone on this list 
pretty much knows Bill Gates ain't our friend), would you? If you would, then 
you are trading freedom for security, and I think we all know how that one 
goes.

Yes, a TCPA chip is a nice feature and a nice convenience. Now please inform 
IBM that I don't really need it that badly ;o).

On Wednesday 19 March 2003 06:40 pm, Pam Huntley wrote:
> >Ross Anderson says different:
> >
> >http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html
> >
> >i think what is of concern is not what tcpa is being used for currently
> >but what it *might* be used for.
>
> 
> Yeah, and you can use a knife to cut a cake or kill someone, it doesn't
> mean knives should be banned forever.
> 
> Besides, I really don't think the TCPA chip lends anything to DRM (Digital
> Rights Management).    You should read the link posted earlier:
> http://www.research.ibm.com/gsal/tcpa/
> 
> The guy from IBM research talks about how even if DRM used the chip, it
> wouldn't be very effective:
> 
> "TCPA was designed to protect the user’s data from external attack, not
> from attack by the owner. Defending
> against owner attack is a much harder problem in hardware tamper
> resistance. TCPA
> chips have not been designed to resist local hardware attack, such as
> power analysis,
> RF analysis, or timing analysis. This is one of the examples that show
> that TCPA
> was not intended for DRM, which requires much higher levels of tamper
> resistance,
> since you don’t trust the owner."
> 
> The TCPA chip is something at lot more like a smart card, rather than like
> Palladium or whatever it is that Microsoft is trying to do.
> 
> PamN{x%�gja�ff)��JZv�ffX)ߣb�)

-- 
Tod Harter
Giant Electronic Brain