.
Alors, vous donnez votre langue au chat ? 
oui pourquoi MS fait il cela? mmh?
allez je vous donne un élément de réponse, et vous allez comprendre que les pirates sont simplement une excuse de .. que seuls des blaireaux (ou des journalistes 
) veulent vous faire gober :
TCPA / Palladium Frequently Asked Questions
Version 0.1 26 June 2002
1. What are TCPA and Palladium?
TCPA stands for the Trusted Computing Platform Alliance (TCPA), an initiative led by Intel. Their website is here. Their stated goal is `a new computing platform for the next century that will provide for improved trust in the PC platform.' Palladium appears to be a Microsoft version which will be rolled out in future versions of Windows, will build on TCPA hardware, and will add some extra features. The Palladium announcement appears to have been provoked by a paper I presented on the security issues relating to open source and free software at a conference on Open Source Software Economics in Toulouse on the 20th June. This paper criticised TCPA as anticompetitive. This has been amply confirmed by new revelations over the past few days.
2. What does TCPA / Palladium do, in ordinary English?
Its obvious application is to embed digital rights management (DRM) technology in the PC. The less obvious implications include making it easier for application software vendors to lock in their users.
3. So I won't be able to play MP3s on my PC any more?
With existing MP3s, you may be all right for some time. But in future, TCPA / Palladium will make it easier to sell music, movies, books and other content packaged so that people can play them on their PCs but not copy them. You might be allowed to lend your copy of some digital music to a friend, but then your own backup copy won't be playable until your friend gives you the main copy back. Quite possibly you will not be able to lend music at all. (It looks likely that the music publisher will be able to make the rules - and to change them at will by remote control.)
4. How does it work?
TCPA provides for a monitoring component to be mounted in future PCs. The likely implementation in the first phase of TCPA is a `Fritz' chip - a smartcard chip or dongle soldered to the motherboard.
When you boot up your PC, Fritz takes charge. He checks that the boot ROM is as expected, executes it, measures the state of the machine; then checks the first part of the operating system, loads and executes it, checks the state of the machine; and so on. The trust boundary, of hardware and software considered to be known and verified, is steadily expanded. A table is maintained of the hardware (audio card, video card etc) and the software (O/S, drivers, etc); if there are significant changes, the machine must be re-certified. The result is a PC booted into a known state with an approved combination of hardware and software. Control is then handed over to enforcement software in the operating system - this is presumably Palladium if your operating system in Windows.
Once the machine is in this state, Fritz can certify it to third parties: for example, he will do an authentication protocol with Disney to prove that his machine is a suitable recipient of `Snow White'. The Disney server then sends encrypted data, with a key that Fritz will use to unseal it. Fritz makes the key available only so long as the environment remains `trustworthy'. For this purpose, `trustworthy' means that the media player application won't make any unauthorised copies of content.
5. What else can TCPA and Palladium be used for?
TCPA can be used to implement much stronger access controls on confidential documents. For example, you might arrange that your soldiers can only create word processing documents marked at `confidential' or above, and that only a TCPA PC with a certificate issued by your own armed forces can read such a document. This is called `mandatory access control', and governments are keen on it. The Palladium announcement implies that the Microsoft product will support this. Once TCPA is widespread, corporations can do this too - and so, for that matter, can the Mafia. This can make life harder for spies, corporate whistleblowers, and FBI agents alike (though it is always possible that the FBI will get some kind of access to master keys). A whistleblower who emails a document to a journalist will achieve little, as the journalist's Fritz chip won't give him the key to decipher it.
6. This all seems on balance fairly worthwhile. But surely Intel are not investing all this money just for charity? How do they propose to make money out of it?
My spies at Intel tell me that it was a defensive play. As they make most of their money from PC microprocessors, and have most of the market, they can only grow their company by increasing the size of the market. They are determined that the PC will be the hub of the future home network. If entertainment is the killer application, and DRM is going to be the critical enabling technology, then the PC has to do DRM or risk being displaced in the home market.
7. Where did the idea come from?
It first appeared in a paper by Bill Arbaugh, Dave Farber and Jonathan Smith, ``A Secure and Reliable Bootstrap Architecture'', in the proceedings of the IEEE Symposium on Security and Privacy (1997) pp 65-71. It led to a US patent: ``Secure and Reliable Bootstrap Architecture'', U.S. Patent No. 6,185,678, February 6th, 2001. Jonathan's thinking came from work done at Cambridge while he was here on sabbatical in 1996(ish): see here for the most relevant published work.
The basic idea, of a specially trusted `reference monitor' that supervises a computer's access control functions, goes back to the early 1970s and has been a feature of US military secure systems thinking since then.
8. How is this related to the Pentium 3 serial number?
Intel started an earlier program in about 1997 that would have put the functionality of the Fritz chip inside the main PC processor, or the cache controller chip, by 2000. The Pentium serial number was a first step on the way. The adverse public reaction seems to have caused them to pause, set up a consortium with Microsoft and others, and seek safety in numbers.
9. Why call the monitor chip a `Fritz' chip?
In honour of Senator Fritz Hollings of South Carolina, who is working tirelessly in Congress to make TCPA a mandatory part of all consumer electronics.
10. OK, so TCPA stops kids ripping off music and will help companies keep data confidential. It may help the Mafia too, but apart from the pirates, the industrial spies and the FBI, who has a problem with it?
A lot of companies stand to lose out. For example, the European smartcard industry may be hurt, as the functions now provided by their products migrate into the Fritz chips in peoples' laptops, PDAs and third generation mobile phones. In fact, much of the information security industry may be upset if TCPA takes off.
But there are much deeper problems. The fundamental issue is that whoever controls the Fritz chips will acquire a huge amount of power. There are many ways in which this power could be abused, and Intel has refused to answer questions on the governance of the TCPA consortium.
11. How can TCPA be abused?
One of the worries is censorship.An application enabled for TCPA, such as a media player or word processor, will typically have its security policy administered remotely by a serverThis is so that content owners can react to new piracy techniques. However, the mechanisms might also be used for censorship.
pigé? La phase une de PALADIUM vient seulement d'être lancé..
Phase 2 : devinez ce qui va bientôt équipper vos prochaines petites Mobo
pour + d'info ici :
http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html
Message édité par serveur le 05-07-2002 à 16:10:16
microdob windob
![[:nikolai]](https://forum-images.hardware.fr/images/perso/nikolai.gif "[:nikolai]")