[11895] in cryptography@c2.net mail archive
Re: Palladium -- trivially weak in hw but "secure in software"??
daemon@ATHENA.MIT.EDU (Arnold G. Reinhold)
Tue Oct 22 16:28:43 2002
In-Reply-To: <20021022165216.A139705@exeter.ac.uk>
Date: Tue, 22 Oct 2002 15:29:26 -0400
To: Adam Back <adam@cypherspace.org>
From: "Arnold G. Reinhold" <reinhold@world.std.com>
Cc: Cypherpunks <cypherpunks@minder.net>,
Cryptography <cryptography@wasabisystems.com>, dcsb@ai.mit.edu
At 4:52 PM +0100 10/22/02, Adam Back wrote:
>Remote attestation does indeed require Palladium to be secure against
>the local user.=A0
>
>However my point is while they seem to have done a good job of
>providing software security for the remote attestation function, it
>seems at this point that hardware security is laughable.
I think the most important phrase above is "at this point." Palladium=20
is still being designed. I'd argue that the software/firmware=20
portion is the trickiest to get right. It seems rational for=20
Microsoft to let that design mature, then analyze the remaining=20
hardware threats and turn the hardware engineers loose to try to plug=20
them.
Palladium has to be viewed in the larger context of a negotiation=20
between Microsoft and Hollywood (I include here all the content=20
owners: movie studios, recording industry, book publishers, etc. ).=20
Hollywood would prefer a completely closed PC architecture, where=20
consumers' use of the computer could be tightly monitored and=20
controlled. They perceive general purpose computing as we know and=20
love it to be a mortal threat to their continued existence. Keeping=20
the content of DVDs and future media locked up is not enough in their=20
eyes. They want all material displayed to be checked for watermarks=20
and blocked or degraded if the PC owner hasn't paid for the content.
Microsoft wants to preserve general purpose computing because it=20
realizes that in a closed architecture, the OS would become a mere=20
commodity component and the consumer electronics giants would=20
eventually displace Microsoft. On the other hand, Microsoft needs=20
Hollywood provide the kind of content that will drive PC sales and=20
upgrades. The base line PC platform of today or even two years ago is=20
powerful enough for most consumers and businesses. People are keeping=20
their PCs longer and not upgrading them as often. Most everyone who=20
wants a PC (at least in North America) already has one. Microsoft=20
needs something new to drive sales.
I expect Microsoft and Hollywood to haggle over the final specs for=20
Palladium PCs and no doubt additional hardware protection measures=20
will be included. The actual spec may well be kept secret, with NDA=20
access only. Hollywood will hold two strong card at the table: its=20
content and the threat of legislation. I'm sure Senator Hollings is=20
watching developments closely.
The big question in my mind is how to get PC consumers a place at the=20
bargaining table. It seems to me that PC consumers have three tools:=20
votes, wallets and technology. The Internet is well suited to=20
political organizing. Remember the amount of mail generated by the=20
modem tax hoax? Consumer boycotts are another powerful threat, given=20
how powerful and upgradable existing computer already are. Technology=20
can provide an alternative way to gain the benefits that will be=20
touted for controlled computing. Anti-virus and anti-DDS techniques=20
come to mind. Also, since I expect an eventual push to ban=20
non-Palladium computers from the Internet, alternative networking=20
technology will be important.
The Palladium story is just beginning.
Arnold Reinhold
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
