[email protected]
[Top] [All Lists]

Re: Sysadmins

Subject: Re: Sysadmins
From: "Jonathan S. Shapiro"
Date: Mon, 07 Nov 2005 11:14:28 -0500
On Mon, 2005-11-07 at 13:54 +0100, Marco Gerards wrote:
> > And honestly, I don't see a problem with XBox or Playstation. It's the
> > user's right to buy a crippled device.
> This sounds like a dangerous statement to me.  Will you say the same
> when PC's are crippled like this?

Absolutely. The bottom line is that you cannot stop a buyer from buying
the wrong thing. All you can do is make sure there is a marketplace
sufficient to support the manufacture, sale, and distribution of the a
better thing. It doesn't matter what the bad thing is, and it is not our
job to stop either the creation of the bad thing or the purchase of it.

Our job is to offer a better alternative.

One problem we face is that the majority of the world does not subscribe
to the idea that information should be redistributable without
restriction. In fact, most of the world thinks this is a simply silly

It isn't important whether their belief is technically correct. What
matters is that this belief governs their purchasing decisions.

The battle over DRM will not be won by shipping an OS that cannot play
commodity movies. It will be won (or lost) in the hearts and minds of
the users and in the legislatures of the respective countries.

> My point is that if such PC is made and it replaces the common PCs for
> some reason, some users can't buy a normal PC (perhaps because they
> are out of production or because they need the newest hardware
> features).  So in that case people might not have the choice anymore.
> So in that case it would not be someone's right to buy a crippled
> device, but it is forced upon him.

Then the fault will be ours for failing to wage an adequately planned
and executed *social* campaign.

> > If we want to argue that Hurd should not be ported to a system that
> > precludes installation of some other operating system, I have no
> > objection to this. However, this would not preclude running on systems
> > that implement either the TPM or the TCPA chips.
> If you can tell us something more about this than the speculations I
> am hearing all the time, please do.

In all of the proposals for desktop and server machines that I know
about, the situation is that you are free to load any OS that you want.
The chip determines what OS is booted using a cryptographic hash. Using
encryption, it is possible for one OS to store data that a second OS
cannot read. Finally, the chip can store a key that is unique to your
machine, but this key can be re-initialized.

These chips also have an attestation function: they are able to generate
a signed attestation about what OS is currently running. However, they
cannot do this behind your back. A third party can ask for an
attestation about your OS and you can refuse to provide it. The third
party can then refuse to work with you. Most of the people who use the
term "treacherous computing" do not understand that the request to
present your ID can be refused.

All of the PC-based chips can be re-initialized. You can alter your ID
at the cost of giving up the content associated with your previous ID.

So what these chips provide is the *ability* to identify your OS and the
*ability* to store data under one OS that cannot be retrieved (at least,
not as clear text) by a second.

My personal opinion is that the ability to present an operating system
ID has extremely limited practical value. The difficulty is that
operating systems are being patched all the time, so the ID is
constantly changing, and the number of possible valid configurations is
exponentially large. In order for vendors to use this scheme
successfully, they need to track this exponentially large data set.
Ultimately, I think this is why Microsoft has sharply reduced their
commitment to the TC technology lately, and has quietly stopped pushing
the TPM/TCPA chip quite so hard.  This link is the missing link that is
needed in order for DRM to be technically enforceable.

The ability to preclude data use by a second OS is where I think the
real issue lies. In essence, it precludes forensics. On the one hand,
this means that you can no longer read out the audio data of an MP3 file
by booting a second OS. On the other hand, this means that the police
cannot read your personal information after you reinitialize the TPM
chip on the machine (of course, neither can you unless you have made
arrangements for backup).

So: yes, DRM permits me to store data on your machine that you cannot
decrypt, but only with your consent. The challenge is to educate people
that giving this consent is a really dumb thing to do.


L4-hurd mailing list
[email protected]

<Prev in Thread] Current Thread [Next in Thread>