Re: awareness + flexibility + security

[Marcus Brinkmann]

At Thu, 10 Nov 2005 19:02:37 +0100,
Bas Wijnen <address@hidden> wrote:
> What does this chip do?  It allows people to check that a remote computer is
> running unchanged code.  In other words, it allows people to restrict changing
> of code ("if you change your code, you cannot use my service").  I do not see
> any other use of the chip.

Let me give a specific example what could be done.

As you may know, with the increased importance of remote services,
there was a lot of concern about a loophole in the GPL: People could
change GPL software, and keep the modifications private.  Because
_use_ of the software is unrestricted, they could then go ahead and
offer web services to their users without releasing their
modifications to the public.  Note that in this case it was a new
technology, broadband, that made it feasible to circumvent the GPL at
a large scale.

It is my understanding that the efforts going into the GPL v3 are
partly directed at fixing this loophole.  At least this was the case a
couple of years ago, it may still be the case today.  Can somebody who
follows the GPL v3 developments shed some light on this?

Here is now my idea how this loophole could effectively be closed: If
a web service provider wants to use GPL software with modifications,
they have to release the source code.  Once the source code is
released, the FSF can offer as a service to sign binaries of the
source code releases.  Using these signatures, and the remote
attestion features of TC, the _users_ of these remote web services
could _verify_ that the remote server only runs free software in
implementing this service.

Similar services could be provided for embedded devices.  We know as a
fact that today this is a market segment where the GPL is frequently
violated.

I would probably not go so far as requiring such a signing process in
the license.  But it would put an enormous public pressure on web
services.  If they can prove for a small sum that they run only free
software, why would they not do so?  It would not be limited to the
FSF: Any third party trusted by the users could perform this
evaluation.  In fact, this opens up a completely new market segment;
free software companies could offer service contracts that include
"community support", "remote attestion", "source code download", and
maybe even maintenance and development (subcontracting other companies).

Also, I think it makes a lot of sense to look at TC and DRM
separately.  TC does effectively support as simple operations as
harddrive encryption on laptops.  Yes, these can be added in software
as well.  But I think this is undoubtly a positive use, not a negative
one.  Don't you agree?

Maybe I am making a basic mistake here, but it isn't _obvious_ to me
that the only uses are bad.

Please note: What I said above does not say anything about the
_balance_ between "bad" and "good" uses.  At least for me personally I
have decided that I just don't know enough about these issues to make
a good judgement at this point.  I want to give this the time it seems
to require.

Thanks,
Marcus