l4-hurd

Re: How come DRM would provide anything?


From: Jonathan S. Shapiro
Subject: Re: How come DRM would provide anything?
Date: Mon, 05 Dec 2005 17:14:56 -0500

On Mon, 2005-12-05 at 22:55 +0100, Pierre THIERRY wrote:
> Scribit Jonathan S. Shapiro dies 05/12/2005 hora 14:56:
> > It is true that the manufacturer will not let you, personally, come
> > validate these chips. It does not follow that the chips are not
> > validated.
> 
> OK. In the paranoid scenario, which is IMHO often valuable in the
> security field, what level of confidence can we have in the ones that do
> the validation? Could Big Brother bypass or tweak their validation so he
> could force the TC system to give fallacious signatures?

This is a matter of opinion. Background: I don't consider the U.S.
government trustworthy in this sort of thing. They are trustworthy where
their interests are concerned, but their interests are not aligned with
my interests as a private citizen.

In my opinion, given the number of dollars at stake, the nature of the
stakeholders, the reputations of some of the evaluators, and the number
of competing implementations, I think that three pragmatic conclusions
can be drawn safely:

  1. The level of confidence I can have is pretty damned high

  2. It's probably not possible to do any better in the context of
     any large-scale commercial endeavour.

  3. Shrinking the scale of the endeavour would reduce the number
     of people who need to conspire, and would therefore yield
     lower confidence.

Ultimately, there is one very important factor in this case that was not
true in, say, the "clipper" situation: the incentive structure is right.
The situation here is:

  1. The people deriving money from the scheme have an exceptionally
     strong incentive to keep it secure.

  2. The consequence of anyone discovering an intentional compromise
     on some vendor's chip would be that every machine by that vendor
     would be blacklisted immediately by all of the content providers.
     The level of screaming that customers would direct at the vendor
     is unimaginable, and the customers who can no longer play movies
     or audio will not accept "the government ate my homework" as an
     acceptable excuse.

The greatest threat to the earliest implementations was the absence of a
trusted path solution. The greatest threat to the current
implementations is hardware probes. This threat is actually quite
significant if you are a movie vendor, but it isn't a very big deal if
you are a credit card clearing agency.

What I think you are missing here is that if the TPM chip is
compromised, it isn't *you* who is at risk. It's the content vendor.


shap




