Re: Retracting the term ownership

[Marcus Brinkmann]

At Sat, 2 Sep 2006 17:07:27 +0200,
Christian Stüble <address@hidden> wrote:
> Am Freitag, 1. September 2006 19:16 schrieb Marcus Brinkmann:
> > > I must admit I'm a bit confused here: what argument shows that the
> > > technology fundamentally doesn't work in the long run? And what do you
> > > mean exactly by this?
> >
> > "Trusted computing" is the attempt to put information into a box,
> > providing only restricted views on the data inside it.  It is the
> > attempt to turn information into something material, that only exists
> > once, and that can be alienated by giving it from one person to
> > another.
> I disagree. "Trusted Computing" is the attempt to (i) verify the 
> configuration 
> running on a remote computer (e.g., to be able to derive its trustworthiness) 
> and (ii) to ensure that data can only be accessed under certain 
> configurations. 

Yes.  This is achieved by putting the running operating system into a
box such as I described.  If you disagree, then probably not on the
characterization of TC, but on the level of abstraction that is
relevant for discussion.  That's interesting, but would require
further clarification.

> I don't say that it is not possible to implement based on TC what you are 
> saying, but TC is much more. You focus on one derived use case that was and 
> is, imo, not even the main motivation behind TC.
>
> One TC implementation, a TPM, does not allow users to access the bits of the 
> keys stored insode.

As far as I know, *all* applications of TC that are usually cited in
support of it are compromised if the secret key can be read out by the
machine owner.

Can you give a counter example?

If this is not true for your model, I do not know what you mean by TC,
and I would like to ask you to elaborate on what your model for TC is.

> But this is only am implementation detail, similar to 
> smartcards. BTW, I never heard all this critics regarding smartcards..

Well, I have drawn the comparison to smart cards before on this list.
I agree that they provide essentially the same mechanism.  It is thus
not surprising that introduction of smart cards has often been subject
to an intense public discourse.  In 2004, for example, the plans for
the smart card at the TU Berlin were mostly chopped due to protests
and technical and legal difficulties.  Also in other areas with social
impact, for example the health card.

However, there are important differences as well.  First of all, smart
cards are only issued for a very narrow selection of applications, and
each application is discussed carefully.  They are provided and signed
by local agents, which are much easier subjected to a democractic
process, than a multi-national corporation with assets bigger than the
gross domestic product of most countries.  Introduction of smart cards
is a user-visible, transparent process.  In contrast, it is attempted
to introduce TPM silently, built into consumer devices, and only
activate them for a broad range of applications when they are
widespread, but unknown to the users.  Consider the alternative: Why
does the movie industry not sell smart card readers and smart cards
for 20 bucks, and DVDs that can only be watched with the smart card
attached to the computer?  Because it would be a desaster in any
respect: Publicity-wise, economical, etc.

Thus, if there is a difference in criticism (and I agree there is), it
can be easily explained by differences in social impact and potential
dangers.  Again, only looking at the technical mechanisms does not
give full insight into these matters, as it is all about politics.

Thanks,
Marcus