Hi.
I think the problem is that the words "trusted computing" have been used
both to describe some really exciting and useful cryoptographic
techniques, and some scary monopoly/control techniques tied to business
practices.
Especially at the start of the trusted computing wave when no-one really
knew what the words meant, I heard a lot of pretty cool stuff discussed by
people with solid backgrounds in crypto and called "trusted computing".
Lately the term "trusted computing" has settled down and is defined the
way that MS wants it defined, and the rest of the interesting stuff is
getting talked about with different names attached.
I think the post you sent reflects that: he's talking about a technique
that uses some of the same cryptographic concepts as "trusted computing
TM" but turns the control/business practices aspect on its head.
Given that we want computers with network access AND privacy, we're going
to have to have consumer adoptable cryptography. Given that we want to
solve SPAM we're going to have to integrate cryptographic handshaking into
email. The cryptographic tools are some of the same ones as those used
for DRM, copy protection, automatic software updates (which themselves are
a mixed blessing), etc.
Sometimes the lines get kind of blurry, as when bluefrog set up a botnet
disguised as an anti-spam service and went head to head with the
underground spam botnets (and lost, it turns out):
http://www.wired.com/wired/archive/14.11/botnet.html?pg=2&topic=botnet&topic_set=
------------->Nathan
On Fri, 17 Nov 2006 09:29:42 -0800, Eric A <erpo41@xxxxxxxxx> wrote:
I just stumbled across Hal Finney's rpow.net web site. He's one of the
original PGP 2.0 programmers, and he really seems to know his stuff
when it comes to cryptography and Trusted Computing's "Remote
Attestation" feature. That's why I found the following statement from
the main page so surprising:
"Allowing clients to dynamically validate the security of a server
turns the concept of Trusted Computing on its head. Rather than a
threat to individual privacy, the technology becomes a boon to privacy
and an empowering force for end users on the net."
I've never heard of anyone with a solid background in crypto who
thinks that any form of Trusted Computing has any redeeming value
whatsoever (unless said person is in it for the money or the power).
For me, this is major food for thought.
Worth reading: http://rpow.net/security.html
Eric
--
---
(([^/]+)/([^/]+)){0,1}/*(([^/]+)/([^/]+)){0,1}/*(([^/]+)/([^/]+)){0,1}/*
(([^/]+)/([^/]+)){0,1}/*(([^/]+)/([^/]+)){0,1}/*(([^/]+)/([^/]+)){0,1}/*
---
Nathan Young
N. C. Young Design
(530)629-4176
http://ncyoung.com
|