Improving the TCPA Specification
The Trusted Computing Platform Alliance, an industry work group formed to create "a new computing platform for the next century that will provide for improved trust in the PC platform," has recently received a great deal of negative press. At the same time that cofounder Microsoft announced plans to enhance the security of its next-generation operating system, Palladium, by leveraging TCPA technology, Cambridge University's Ross Anderson critiqued many aspects of the specification.
Without examining any of its technical details, the media was quick to condemn the organization's effort as an attempt to further monopolies and destroy privacy. Unfortunately, until these sensational stories appeared, most people probably had no idea what the TCPA was or what it was doing. Compounding this problem is the fact that the specification is extremely complex and tersely worded.
Here I hope to explain in a balanced fashion what is both good and bad about the proposed industry standard and suggest ways that the TCPA technical committee can improve it.
[ Read more ]