Tom at Abacurial.com
Mon Jul 22 16:38:24 EDT 2002
Think "Big Brother." Thank god for authors who give us names, and
warned us of consequences, to enlighten us about the dangers facing
But I disagree Authentication has to necessarily be dependent on
_others'_ credentials. Sending someone an encrypted (using a private
key you set) message along with the plain text will keep the
information public, yet authenticate the content and origin. Similarly,
a signature based on the content and one's private key could be
authenticated using one's public key.
That said, I doubt if Palladium will allow users to create their own
authentications for arbitrary programs.
On Monday, July 22, 2002 at 15:14, Alan DeKok <canada-dmca-
opponents at flora.org>
wrote re "Re: [Cdn-DMCA] TCPA/Palladium " saying:
> I've got some comments on the difference between encryption and
> authentication, though. My ideas aren't perfect, but I think they are
> a good model for thinking about the issues.
> Authentication protects someone other than you.
> Why? You don't create your own credentials. All of your
> identification is given to you by someone else. The government, the
> bank, your parents (who named you?), etc.
> So authenticating yourself to the government, with government-issued
> ID, doesn't protect you. You're just allowing the government to be
> sure it's talking to the same person who was issued the identication.
> Think of it as "token passing", in the computer network sense.
> Encryption protects you.
> Why? You create your own encryption keys. It doesn't matter what
> the keys are, no one really looks at them. If someone has a key which
> decrypts communications from you, then you must have given them that
> If you don't like the key, you can change it. If you want to verify
> who you're talking to, you ask them to authenticate themselves, with
> government issued ID. If you really care, you ask them to encrypt
> those credentials with the current key, to be sure that for this
> conversation (i.e. encryption key), you're talking to the correct
> person (i.e. authentication credentials)
> Why does this matter? *YOU* are in control of your encryption
> keys. You decide which conversations to make public, and which ones
> to make private. The private conversations are ones that *you* think
> need to be private, to protect *your* privacy. You make other
> conversations public, because you're not afraid of their contents
> being revealed.
> By now, you're thinking "That's nice, but what does it have to do
> with TCPA/Palladium?"
> section 4:
> "[ the TCPA system ] checks that ... the software components have
> been signed"
> So the software components are authenticated. That is, they're
> given authentication information by someone you don't know, and your
> computer will refuse to run any software without those credentials.
> Looking at my analogy/explanation above, we can conclude that this
> authentication information protects *them*, not *you*.
> Personally, I see no reason why I should have to pay for something I
> don't want, which I don't need, and which serves only to protect
> someone other than myself.
> Another analogy is a wonderful idea I had for burglary prevention.
> We simply station a security guard at every door and window in your
> house. Then, before you can change rooms, you must show the guard
> your ID.
> What, you say? It's 2 AM, you're in your underwear, and you want to
> visit the bathroom? Well, you don't have any ID on you, so you're
> obviously a burglar, and you should go to jail.
> That's TCPA/Palladium. It's also one of the stupidest ideas I've
> heard of in a while.
> Alan DeKok.
------- Quidquid latine dictum sit altum viditur -----------------
,__@ Tom A. Trottier +1 613 860-6633 fax:231-6115
_-\_<, 758 Albert St.,Ottawa ON Canada K1R 7V8
(*)/'(*) ICQ:57647974 N45.412 W75.714
Laws are the spider's webs which,
if anything small falls into them they ensnare it,
but large things break through and escape.
--Solon, statesman (c.638-c558 BCE)
For (un)subscription information, posting guidelines and
links to other related sites please see http://www.flora.org/dmca/
More information about the Discuss