Re: TCPA/Palladium (moved from OT debian-hurd thread)

help-hurd

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: TCPA/Palladium (moved from OT debian-hurd thread)

From:	Kurt B. Kaiser
Subject:	Re: TCPA/Palladium (moved from OT debian-hurd thread)
Date:	Thu, 22 May 2003 14:49:22 -0400
User-agent:	Gnus/5.090015 (Oort Gnus v0.15) Emacs/21.2

[KBK]
>> I think it's actually worse than that.  It might get to the point
>> where only a "certified" operating system may connect to the Internet
>> in the USA; congress having been wrongly convinced by the media lobbys
>> that crackers running something like GNU/Hurd could break through the
>> protection of "intellectual property" rights.

[Robert Millan]
> that's futile. who will care when we have our own free internet [1]
>
> [1] like, see http://seattlewireless.net/

..........

[KBK]
>> I would think that an OS like the Hurd with limited (political)
>> resources might have a hard time in that environment.
..........

>>But the user base for GNU/Hurd is probably too small warrant a
>>certification effort, and if a certified version wasn't available the
>>user base would be so constrained that growing to critical mass would
>>take forever.  Chicken/egg situation.

[Danilo Segan <dsegan@gmx.net>]
> Isn't it true that GNU (and consequently Hurd) wouldn't be touched by
> any of this? As Marcus already explained, FSF has always insisted on
> copyrights, so this should not be a problem for those actually using
> free software.

That's a different battle.  This topic is not about SCO, this is a
/real/ threat.

www.trustedcomputing.com

There are a couple of FAQ on that site which I hope everyone will
read.  Excerpts from the TCPA FAQ:

"In addition to the specification the TCPA [Trusted Computing Platform
Association - read: the big vendors] also defines Common Criteria
Protection Profiles.  These profiles provide a mechanism to have
independent, third parties [sic] evaluations of TCPA solutions.  This
evaluation allows the marketplace and customers to make informed
purchase decisions and to have reasonable assurance that the platform
they are purchasing does provide the protections specified by the
TCPA."

and

"One of these mechanisms [provided by the TCM hardware] is a report,
or *attestation* [emph in orig], of the current configuration of the
platform.  A user or system owner may elect to attest remotely to this
configuration.  Knowledge and confirmation of the current software
running on a system has been a desired feature for security systems
for many years, not only for private users, but also especially for
system administrators which [sic] are responsible for infrastructure
security and reliability."

1. Can you imagine how much that certification will cost?  For the
   paranoid: maybe even much more that the actual cost?  This is the
   ultimate small guy lock-out.

2. What changes to an OS would invalidate the certification?  Maybe
   anything which would change the hash?  I wonder how they handle
   patches?

3. It's a very small step for an ISP to require that all systems
   connected have TCPA certs or they will be blocked.  Comcast would
   do it in a heartbeat, and there goes my high speed link.

(Many ISPs are already blocking specific ports to all customers
regardless of abuse history.  Also, there are SMTP servers which will
not directly accept mail from me for one of their customers because
I'm in the attbi modem block and they simply block that whole IP block
because "it's a well known source of UCE.")


For more information, see Bruce Schneier's article on Palladium:

www.counterpane.com/crypto-gram-0208.html

Excerpt:

"My fear is that Palladium will lead us down a road where our
computers are no longer our computers, but are instead owned by a
variety of factions and companies all looking for a piece of our
wallets...I don't mind companies selling, renting, or licensing things
to me, but the loss of the power, reach, and flexibility of the
computer is too great a price to pay."

In other words, you will not be root on your own system.  You could
(maybe) install the OS but not change it, and there would be many
other users, each with their own data and capabilities.  From what
little I know, it seems to me that the Hurd security and authorization
model is well suited to that approach.  In addition, the Hurd/L4 OS
can be modified in fundamental ways on the fly, by outsiders.  Seems
ideal for TCPA.  Hm.  Good thing it's GPL.

Well, we may end up a TCPA certified box connected to what is now the
internet so we can (pay to) listen to AudioDVD etc.  Those things
would essentially be 'multimedia viewing appliances'.  But next to it
would sit a GNU/Hurd box connected to the wifinet, on which we do our
hacking.

You know, it might be a lot less trouble.  The only problem is they
would be after our freedom on that net also, soon enough.

www.againsttcpa.com

--
KBK

[Prev in Thread]

Current Thread

[Next in Thread]

Re: TCPA/Palladium (moved from OT debian-hurd thread), Kurt B. Kaiser, 2003/05/21
- Re: TCPA/Palladium (moved from OT debian-hurd thread), Danilo Segan, 2003/05/21
  - Re: TCPA/Palladium (moved from OT debian-hurd thread), Farid Hajji, 2003/05/21
    - Re: TCPA/Palladium (moved from OT debian-hurd thread), Robert Millan, 2003/05/22
  - Re: TCPA/Palladium (moved from OT debian-hurd thread), Kurt B. Kaiser <=

Prev by Date: Re: TCPA/Palladium (moved from OT debian-hurd thread)
Next by Date: Hurd installation trouble
Previous by thread: Re: TCPA/Palladium (moved from OT debian-hurd thread)
Next by thread: [Help-HURD] some questions about hurd
Index(es):
- Date
- Thread