Some thoughts

[Jean-Christophe Haessig]

Hello,

I've been lurking on the list for a while and I'd like to post
this note to share my point of view. You may find it pedestrian,
but many posts have become very philosophical and fundamental-
elaborate-logic oriented. Sometimes it is even hard to follow,
so please bear in mind that I may not be sufficienly "educated"
to participate in that discussion.

On TC. The TC issue has come back to the frontline, and it has
even be mentioned that it may become unavoidable on the
near-future hardware.
I want to remind strongly that the Hurd will be Free Software.
Not that I disprove or dismiss the use of TC for OS verification,
nor that it should be forbidden to use TC feature for Free
Software because it is "Free Software". But I really think that
FS will never be able to use TC for OS verification, the weak
reason being that TC will be controlled by entities unfriendly
to FS (if there is some certification step required), and the
stronger reason being that FS would lose one of its biggest
interests, namely the ability for anybody to change it. Most
of the people on this list and many people who want or need to
setup machines with shared access will want to tune it to their
needs, or just recompile their own version because they like it.
On these grounds, if TC made it possible for a user to check
which OS is running on a machine and if it is of a "trusted"
kind, this ability clearly becomes void.

On protection against the machine owner.
My assumption is that there is really no way to protect against
the machine owner. He does what he wants with his hardware. If
he likes making a frying pan with his CPUs, he can, if he wants
to make some usable server for his users, he can, if he wants
to spy on them, he can. He can even make a system that looks
like what users usually think is not intrusive and spy on them
anyway.
Then protecting against the installer's or administrator's
incompetence or malice is really useless, because you never
know what the owner, against which it is impossible to protect,
is doing.
In fact, users should not be protected against the
administrator, or any user that has recieved some authority by
the owner. This is the owner's business. He may want to split
responsibilities among many users or concentrate the powers in
one user's hands (certainly his). Protection is necessary to
isolate users of the same rank. It is totally useless to try
to protect them from anything else. However, an interesting
goal is to enable them to do most of the things they want to
do without the explicit consent of any administrator (and this
is no kind of protection).

And this post is long enough for now...
JC
-- 
Le contenu et les auteurs apparents des courriers électroniques étant
aisément falsifiables, j'incite fortement mes correspondants à
utiliser un logiciel de signature électronique (voir : www.gnupg.org)

signature.asc
Description: Ceci est une partie de message numériquement signée