| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: Simon.Richter at hogyros.de (Simon Richter) Subject: Trustworthy Computing Mini-Poll Hi Andrew, On Thu, Dec 19, 2002 at 09:06:58AM +0200, Andrew Thomas wrote: >> form a lobby group and ask for the "owner + web of trust" >> solution. It is technically doable and in the line of liberalism, so I think it >> has a good chance of becoming law. > I might be missing something, but how does software/hardware limitation of > personal control fall under the description of 'in the line of liberalism'? I was talking about the "web of trust model", where the owner of the computer decides whom to trust as an introducer and whom to trust as a software vendor. So this doesn't in fact limit your personal control over what software runs on your computer, as you can always sign it yourself. Since a lot of users do not (want to) understand what a web of trust is, a number of "trust centers" will pop up, competing for software developers (=> reasonable price). The OSS people will simply use their own web of trust, and people wishing to install OSS software can also enter this web at the next signing party or compile and sign the software themselves. The only thing that is bad about being liberalist here is that M$ gets to decide whose keys they ship with Windows -- but as long as the user is able to install new keys and express trust into them, users will still vote with their feet (if M$'s pricing is unresonable, we tell people to install a certain key in the manual -- and that key will probably belong to a group of software developers). On the copy protection side, customers will have the choice between buying combo hardware (DVD drive, gfx card, sound card, special cable inbetween, all from the same vendor) and using a non-TCPA CPU or selecting hardware from different vendors and using a TCPA CPU. In fact I think the copy protection features in the TCPA hardware will be born dead, since a hardware-only scheme is much cheaper, and customers will be happy about the CPU time saved by decoding that MPEG stuff in hardware. I'm still wondering whether TCPA or the hardware schemes are in fact weaker -- TCPA can probably be cracked in software, but OTOH a lot of the hardware solutions will be security-by-obscurity or at least one of them may have a small flaw (a chosen-plaintext attack may be enough of a hole for a mod chip). > To answer your question, I would personally be quite happy for the technology to > be developed, as long as it wasn't forced on me by law. Would you buy/use it if you had the choice? I mean, there are a lot of advantages... :-) Simon -- GPG Fingerprint: 040E B5F7 84F1 4FBC CEAD ADC6 18A0 CC8D 5706 A4B4 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20021220/a15e1f87/attachment.bin
Powered by blists - more mailing lists