l4-hurd
Re: Separate trusted computing designs


From: Jonathan S. Shapiro
Subject: Re: Separate trusted computing designs
Date: Thu, 31 Aug 2006 11:07:46 -0400

On Thu, 2006-08-31 at 16:45 +0200, Marcus Brinkmann wrote:
> At Wed, 30 Aug 2006 16:06:42 -0400,
> "Jonathan S. Shapiro" <address@hidden> wrote:
> > The term "owner" has a specific and well-defined legal meaning, and I
> > have (in the past) understood Marcus to be using this meaning when he
> > uses the term "owner".
> 
> Actually, the legal definition of ownership is way too complex to be
> useful to me.  I referred to Hegel's definition, which boils down to
> exclusive right to possess, use and destroy a thing.  Should be close
> enough in practice, certainly good enough to analyse the "trusted
> computing" model.

This is only good enough if "use" includes "delegate to others the
conditional right to use in whole or in part". I think that I have been
reading "exclusive" to prohibit this. It is not the right to use that is
exclusive. It is the primary right to delegate/subdivide the right of
use (including to yourself). In computation systems, all rights
dependent on such delegation can be further delegated if the system is
designed to allow this.

And by this definition, TPM does not violate your definition at all. At
the moment of initial power-on the user need not enable the TPM chip.
Later, the user can *disable* it. The ability to perform these acts is
necessary and sufficient to constitute "exclusive right to delegate
right of use."

> What I have elaborated on in the mail "Part 1: Ownership and
> Contracts" is how this process works, and what the consequences are if
> ownership is diffused carelessly or under pressure.  I think that
> protection of ownership is a security issue, and that's why I consider
> "trusted computing" as a security threat.
> 
> However, I have, in writing, made clear that I admit such alienations,
> called "contracts", in my mail "Addendum: Part 1: Ownership and
> Contracts", of which the relevant part I reproduce below.

Marcus: could I trouble you, when you refer to earlier writings, to
*please* provide a URL? At least to the essential ones? I don't have
time to hunt them down, but I am willing to go back and look at them if
there is a simple way to find them.

I do see the excerpt below, but I would like to go back and re-read the
entirety. You put a lot of effort into it.

> > Marcus has been very clear that his concept of "ownership" is not
> > subdivisible. He has explicitly excluded any scenario involving shared
> > ownership or any scenario in which "total control" is restricted to a
> > subset of the resource/machine.
> 
> I have in fact devoted a large part of the discussion to "contracts",
> which are exactly about such scenarios.

You have drawn my attention to an important misunderstanding on my part.
Thank you.

> > Of course, I may not have understood him correctly, or I may be
> > mis-applying what he has said.
> 
> I think you are confusing what I admit as a possibility with what I
> consider to be desirable.  I consider it very desirable to not have my
> computer alienated, even in parts.  This does not exclude the
> conceptual possibility to do so.  However, there are IMO grave risks
> involved, and furthermore I don't see any necessity to do so.

It is very plausible that this is the root cause of my confusion.


shap




