The concept of a trusted computing base TCB has been around for at least 30 years. Despite many papers, talks, etc over these many years we've never gotten anywhere except in highly specialized systems. Sure, there have been B and A security machines, but not on general hardware.

Is it possible that TCPA gives us the option of actually implementing what we've wanted to for years without resorting to custom hardware? If so, then while it can definitely be abused, it can also be used to finnaly implement TCB systems on commodity hardware. We try and try to do this sort of thing today, but without dedicated hardware components to some extent we're just spinning our wheels.

I'm certainly cautious about abuse, but I also wonder whether eventually the market will sort it out. How many of you would buy a book with a shrink-wrap license that says you can't share it with a friend once you're done reading it? I think the answer is none. If software or media (films, e-books, etc) are sold the same way I'm not convinced that the average consumer, who can't now lend their DVD or book to someone, will continue to buy that technology.

Me - chomping at the bit for a TCB that I can actually experiment with.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/148/18771#18771