Tattooed
03-31-2003, 03:16 PM
Hi!
Pls sign the TCPA petition
http://www.petitiononline.com/mod_perl/signed.cgi?endtcpa1&651
Pls sign the TCPA petition
http://www.petitiononline.com/mod_perl/signed.cgi?endtcpa1&651
Click to See Complete Forum and Search --> : Pls sign the TCPA petition
bwkaz
03-31-2003, 07:13 PM
This thread seems to be better placed in the /dev/random forum. JL Ideas is for ideas for stuff the site might do. ;) Off we go...
That said, TCPA is not in and of itself evil. IBM has even written a TCPA Linux kernel module, that they've released under the GPL (I can't remember where I got it from, but it was posted here a while back, and I've got it still). Palladium, OTOH, since it is proprietary in nature, is evil.
All the specs for TCPA-compliant machines are out in the open, for anyone to see. TCPA will not prevent you from booting Linux!
That said, TCPA is not in and of itself evil. IBM has even written a TCPA Linux kernel module, that they've released under the GPL (I can't remember where I got it from, but it was posted here a while back, and I've got it still). Palladium, OTOH, since it is proprietary in nature, is evil.
All the specs for TCPA-compliant machines are out in the open, for anyone to see. TCPA will not prevent you from booting Linux!
redhat81
04-01-2003, 08:14 AM
It will prevent you from using Linux for files made by Microsoft products, I've heard.
bwkaz
04-01-2003, 03:10 PM
It can't, not by itself anyway. TCPA is just a hardware chip and some added BIOS functionality. There is no way that that could happen; TCPA is not embedded in OS'es. It's open-source!
Check the main TCPA page, for more info:
http://www.trustedcomputing.org/tcpaasp4/index.asp
Also, I quote from their TCPA FAQ:
What types of capabilities are highlighted in the TCPA 1.1 Specification?
There are two areas addressed: 1) traditional cryptographic security building blocks such as protected persistent storage, digital signature and protected key exchange, hardware based key generation, and HW random number generation (my note: these last two have been around for a while); 2) new capabilities such as platform integrity metrics (e.g., measuring the integrity of the BIOS, master boot record, and OS loader in the PC) and multiple aliased identities to better address privacy concerns in computing. The TCPA has defined a general purpose Trusted Subsystem that can be incorporated into a platform; the first target platform is the PC.
Do code, applets, or drivers used on a TCPA-enabled system need to be signed to run?
No. The use of signed components depends upon the operating system in which the Subsystem operates. As for "prevent you from using Linux for files made by MS products", what do you mean? If you mean that MS products won't read non-signed files, well, that's a problem with the MS product in question, not TCPA. TCPA is just a key generator on a chip, plus a BIOS/MBR verifier.
Also, from the TPM FAQ (TPM is the chip itself; TCPA is the subsystem):
Does the TPM "control" a user's system?
No. The TPM can store measurements of components of the user's system, but the TPM is a passive device and "doesn't decide" what software can or can't run on a user's system. The TPM provides a storage and reporting of the measurements of components of the user's system that are reported to it. The TPM accepts any measurement that is reported. There is no capability for the TPM to determine whether a particular measurement is acceptable or not. That is left to the software drivers, or the applications that use those drivers.
Check the main TCPA page, for more info:
http://www.trustedcomputing.org/tcpaasp4/index.asp
Also, I quote from their TCPA FAQ:
What types of capabilities are highlighted in the TCPA 1.1 Specification?
There are two areas addressed: 1) traditional cryptographic security building blocks such as protected persistent storage, digital signature and protected key exchange, hardware based key generation, and HW random number generation (my note: these last two have been around for a while); 2) new capabilities such as platform integrity metrics (e.g., measuring the integrity of the BIOS, master boot record, and OS loader in the PC) and multiple aliased identities to better address privacy concerns in computing. The TCPA has defined a general purpose Trusted Subsystem that can be incorporated into a platform; the first target platform is the PC.
Do code, applets, or drivers used on a TCPA-enabled system need to be signed to run?
No. The use of signed components depends upon the operating system in which the Subsystem operates. As for "prevent you from using Linux for files made by MS products", what do you mean? If you mean that MS products won't read non-signed files, well, that's a problem with the MS product in question, not TCPA. TCPA is just a key generator on a chip, plus a BIOS/MBR verifier.
Also, from the TPM FAQ (TPM is the chip itself; TCPA is the subsystem):
Does the TPM "control" a user's system?
No. The TPM can store measurements of components of the user's system, but the TPM is a passive device and "doesn't decide" what software can or can't run on a user's system. The TPM provides a storage and reporting of the measurements of components of the user's system that are reported to it. The TPM accepts any measurement that is reported. There is no capability for the TPM to determine whether a particular measurement is acceptable or not. That is left to the software drivers, or the applications that use those drivers.
redhat81
04-01-2003, 04:03 PM
Right, I was assuming Palladium with the original post.
Tattooed
04-01-2003, 04:14 PM
A Linux Magazine did an article on TCPA, they said that TCPA would stop people booting Linux. Only signed TCPA code would be able to run on TCPA.
bwkaz
04-01-2003, 05:09 PM
Then this Linux magazine obviously didn't bother to find out what TCPA actually is before they wrote that article, didn't they.
:rolleyes:
Originally posted by Tattooed
Only signed TCPA code would be able to run on TCPA. Do we even bother to read posts before responding? Yeah, maybe I'm being harsh, but I just posted a rebuttal to this!
Refer to the FAQ above. Specifically, the TPM one, and the second TCPA one.
:rolleyes:
:rolleyes:
Originally posted by Tattooed
Only signed TCPA code would be able to run on TCPA. Do we even bother to read posts before responding? Yeah, maybe I'm being harsh, but I just posted a rebuttal to this!
Refer to the FAQ above. Specifically, the TPM one, and the second TCPA one.
:rolleyes:
Tattooed
04-01-2003, 05:41 PM
I did read your post. I was just pointing out why I posted the TCPA petition-that's all.
El_Cu_Guy
04-01-2003, 06:33 PM
Basically here's the deal. People often either confuse TCPA and Palladium, or will mention one without the other. The latter usually involves a belief that one requires the other.
Both situations can create problems. Is TCPA bad? Well in theory any technology can be used for "evil purposes".
Both situations can create problems. Is TCPA bad? Well in theory any technology can be used for "evil purposes".
redhat81
04-01-2003, 08:20 PM
Originally posted by El_Cu_Guy
Basically here's the deal. People often either confuse TCPA and Palladium, or will mention one without the other. The latter usually involves a belief that one requires the other.
Both situations can create problems. Is TCPA bad? Well in theory any technology can be used for "evil purposes".
Makes it confusing. In my experience, many people who speak ill of TCPA are in fact speaking of Palladium.
Basically here's the deal. People often either confuse TCPA and Palladium, or will mention one without the other. The latter usually involves a belief that one requires the other.
Both situations can create problems. Is TCPA bad? Well in theory any technology can be used for "evil purposes".
Makes it confusing. In my experience, many people who speak ill of TCPA are in fact speaking of Palladium.
case1984
04-02-2003, 03:14 AM
Does anyone know or have any statistics about the effectiveness of online petitions? Does anyone actually know of one working?
I've heard companies and politicians treat requests like this:
phone call = 100 points
snail mail letter = 100 points
email (not a cut and paste job) = 50 points
fax = 25 points
email (cut and paste) = 10 points
name on a written petition = 5 points
online petition = 1 point
I've heard companies and politicians treat requests like this:
phone call = 100 points
snail mail letter = 100 points
email (not a cut and paste job) = 50 points
fax = 25 points
email (cut and paste) = 10 points
name on a written petition = 5 points
online petition = 1 point
justlinux.com
Copyright Internet.com Inc. All Rights Reserved.
Copyright Internet.com Inc. All Rights Reserved.