a comment about Palladium in CryptoGraph
Michael Richardson
mcr at sandelman.ottawa.on.ca
Mon Sep 16 11:57:13 EDT 2002
http://www.counterpane.com/crypto-gram.html
From: Niels Ferguson <niels at ferguson.net>
Subject: Palladium
Microsoft claims lots of benefits for Pd, some of which are to allow
Digital Rights Management (DRM). However, most of the benefits can
already be achieved by existing hardware. All Intel CPUs since the 286
have had very good hardware separation between tasks. It is only
Microsoft's choice not to use this feature that has led to a single
hunk of inter-dependent code.
Intel CPUs can protect one program from the other. You can create
secure device drivers which can no longer crash you computer. But, the
basic operating system will always have full control of the
computer. So you can protect programs from each other, and the user
from malicious programs, but the user always maintains complete control
over his machine.
What Pd adds is to take control away from the user. It "allows" the
user to give up part of his control over the machine, and give it to a
program. This is of course required for DRM, but I cannot really think
of any other application. They talked about some things like banking
software, but that is just silly. We have perfectly good cryptography
to handle those threats, and using Pd for banking would be very
dangerous. After all, the Pd chip isn't protected against physical
attacks, so you have to trust the owner of the computer anyway.
There was some misdirection about it not being possible to change the
whole Windows operating system, so Pd is needed to create a kind of
micro-kernel under the OS. This is not true. You can do the same on
Intel hardware; VMware is a good example. Microsoft can achieve the
same security features (except for DRM) using existing hardware and the
same amount of software development effort.
My conclusion: The only reason for Pd is DRM. All the rest is just a
smoke-screen, or stupidity. You can never tell the difference.
--
For (un)subscription information, posting guidelines and
links to other related sites please see http://www.digital-copyright.ca
More information about the Discuss
mailing list