[Cdn-DMCA] TCPA/Palladium

Tom Trottier Tom at Abacurial.com
Mon Jul 22 16:38:24 EDT 2002 

Think "Big Brother." Thank god for authors who give us names, and 
warned us of consequences, to enlighten us about the dangers facing 
democrats.

But I disagree Authentication has to necessarily be dependent on 
_others'_ credentials. Sending someone an encrypted (using a private 
key you set) message along with the plain text will keep the 
information public, yet authenticate the content and origin. Similarly, 
a signature based on the content and one's private key could be 
authenticated using one's public key. 

That said, I doubt if Palladium will allow users to create their own 
authentications for arbitrary programs.

tOM

On Monday, July 22, 2002 at 15:14, Alan DeKok <canada-dmca-
opponents at flora.org>
wrote re "Re: [Cdn-DMCA] TCPA/Palladium " saying:

...
>   I've got some comments on the difference between encryption and
> authentication, though.  My ideas aren't perfect, but I think they are
> a good model for thinking about the issues.
> 
>   Authentication protects someone other than you.
> 
>   Why?  You don't create your own credentials.  All of your
> identification is given to you by someone else.  The government, the
> bank, your parents (who named you?), etc.
> 
>   So authenticating yourself to the government, with government-issued
> ID, doesn't protect you.  You're just allowing the government to be
> sure it's talking to the same person who was issued the identication.
> 
>   Think of it as "token passing", in the computer network sense.
> 
> 
>   Encryption protects you.
> 
>   Why?  You create your own encryption keys.  It doesn't matter what
> the keys are, no one really looks at them.  If someone has a key which
> decrypts communications from you, then you must have given them that
> key.
> 
>   If you don't like the key, you can change it.  If you want to verify
> who you're talking to, you ask them to authenticate themselves, with
> government issued ID.  If you really care, you ask them to encrypt
> those credentials with the current key, to be sure that for this
> conversation (i.e. encryption key), you're talking to the correct
> person (i.e. authentication credentials)
> 
>   Why does this matter?  *YOU* are in control of your encryption
> keys.  You decide which conversations to make public, and which ones
> to make private.  The private conversations are ones that *you* think
> need to be private, to protect *your* privacy.  You make other
> conversations public, because you're not afraid of their contents
> being revealed.
> 
>   By now, you're thinking "That's nice, but what does it have to do
> with TCPA/Palladium?"
> 
>   See:
> 
>   http://www.cl.cam.ac.uk/users/rja14/tcpa-faq.html
> 
>   section 4:
> 
>   "[ the TCPA system ] checks that ... the software components have
> been signed"
> 
> 
>   So the software components are authenticated.  That is, they're
> given authentication information by someone you don't know, and your
> computer will refuse to run any software without those credentials.
> 
>   Looking at my analogy/explanation above, we can conclude that this
> authentication information protects *them*, not *you*.
> 
>   Personally, I see no reason why I should have to pay for something I
> don't want, which I don't need, and which serves only to protect
> someone other than myself.
> 
> 
>   Another analogy is a wonderful idea I had for burglary prevention.
> We simply station a security guard at every door and window in your
> house.  Then, before you can change rooms, you must show the guard
> your ID.
> 
>   What, you say?  It's 2 AM, you're in your underwear, and you want to
> visit the bathroom?  Well, you don't have any ID on you, so you're
> obviously a burglar, and you should go to jail.
> 
> 
>   That's TCPA/Palladium.  It's also one of the stupidest ideas I've
> heard of in a while.
> 
>   Alan DeKok.
------- Quidquid latine dictum sit altum viditur -----------------
   ,__@	Tom A. Trottier +1 613 860-6633 fax:231-6115
 _-\_<,	758 Albert St.,Ottawa ON Canada K1R 7V8	
(*)/'(*)	ICQ:57647974 N45.412 W75.714
---------------------------------------------------------------------
Laws are the spider's webs which, 
if anything small falls into them they ensnare it, 
but large things break through and escape.
	--Solon, statesman (c.638-c558 BCE)

--
For (un)subscription information, posting guidelines and
links to other related sites please see http://www.flora.org/dmca/

More information about the Discuss mailing list