[4040] in cryptography@c2.net mail archive

Re: A different take on Intel's RSA announcements

daemon@ATHENA.MIT.EDU (Tom Weinstein)
Thu Jan 21 21:52:30 1999

Date: Thu, 21 Jan 1999 10:39:36 -0800
From: Tom Weinstein <tomw@netscape.com>
To: Alan Olsen <alano@adams.pcx.ncd.com>
Cc: Rob Lemos <Rob_Lemos@zd.com>, cryptography@c2.net

Alan Olsen wrote:

> On Jan 20,  5:08pm, Tom Weinstein wrote:
> > Subject: Re: A different take on Intel's RSA announcements
> > Rob Lemos wrote:
> >
> > > http://www.zdnet.com/zdnn/stories/news/0,4586,2189721,00.html
> >
> > This just seems like FUD to me.  ID numbers should help detect theft and
> > fraud.  They aren't going to compromise privacy.  I expect it's going to behave
> > just like the debugging registers.  Nobody is going to be able to get at your
> > chip's ID without running software on your system.
>
> "What part of ActiveX do you not understand?"

If you're running ActiveX, you deserve what you get.  ActiveX can do a lot more
evil things to you than steal your processor ID.

> When you are running an application designed by a third party on your system,
> how do you know if they are not accessing that information and leaking it via
> some covert channel?  You don't.

You also don't know that they aren't dumping your registry the same way.  If you
care about this stuff, why are you running Windows?

> Chip IDs will be used for the causes of evil as long as marketing has a hand in
> the design process.  (For the process of obtaining customer demographics of
> course.)  Not a far step from governments demanding the ability to track down
> and stomp on those who violate their rules or just plain noseyness.  (When you
> have them by the Chip ID, their hearts and minds will follow.)
>
> Of course they have to run software on your system.  This means that we just
> have to worry about the software we run.  I expect that this will give rise to
> programs that will scan binaries looking for the chip ID instructions and
> replacing them with nulls or something more "interesting".

That sounds like a fine idea.  My point was that chip IDs aren't intrinsically
evil.  They're just yet another thing that can be exploited by evil software.

--
What is appropriate for the master is not appropriate| Tom Weinstein
for the novice.  You must understand Tao before      | tomw@netscape.com
transcending structure.  -- The Tao of Programming   |




