Peter Djalaliev wrote: > I don't know what you mean by full-blown TPMs. I assume that for you, > full-blown TPMs = Big Brother. I don't buy into this completely, > however. > > TPM-enabled systems are still under implementation and the specifics > of how they are going to function depend on how they will be > implemented. However, if such an implementation is built with user > privacy and user control over the TPM in mind, it can be a very > powerful solution to existing hard-to-defend-from attacks. There is > existing research going on in this area and the results we have look > promising.
A system that allows some (any) remote person/system to interrogate my system to see what software is installed and running on it, and the use of such interrogation by remote systems/persons to decide how to respond to requests from my system, or to decide whether or not to send requests to my system, is Big Brother. It is also MS's wet dream, AFAICT. I suspect that if you ask ANY user in the world if it would be OK for their system to tell any remote system that asks what software it has installed (including version information), you'd uniformly get reactions that could be described as "looks of horror". > I personally see TPM-enabled systems as special purpose solutions. I > believe that this is the only way that we can keep user control over > what the TPM does. I don't think TPM-enabled systems (maybe what you > call full-blown TPMs) will be widely deployed on PCs. IINM, Some time ago, HP announced that all their laptop products were TPM enabled systems. IIRC, the announcement said they all had TPM chips on them. I'm happy for those systems to have built-in FIPS 140 compliant hardware crypto modules. I'm not happy about Big Brother. Having Big Brother is too high a price to pay to a hardware crypto module. > There are > indeed multiple issues with it, among which the possibility of Big > Brother. However, the technology offers multiple opportunities for > applications, where it can be implemented in a controlled manner. I think you're saying that it is possible to use the technology in a way that is not abusive (not Big Brother). I see no financial incentive to MS to do that however. > Apart from that, I completely approve of TPMs being implemented as > PKCS#11 modules. This TPM-enabled feature will probably reach the > mass users; it offers clear advantage over storing privates keys on a > disk. > > One problem with smart cards is that users may not understand them. > It is a piece of hardware that they need to use properly in order to > preserve security. As we see from previous messages in this > discussion thread (blindly accepting self-signed certificates), users > do not properly execute security-sensitive actions. On those last two points, we agree completely! -- Nelson B _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
