Quoting Mike Miller <mbmiller at taxa.epi.umn.edu>: > On Tue, 10 May 2005, Richard Hoffbeck wrote: > > > If you look at the requirements of 'trusted computing' there is no way > > that it can be good for OSS. > > Can't we come up with another name for it? I think "trusted computing" > sounds like a marketing phrase - designed to manipulate our feelings. We > should call it something else. What should we call it? > The phrase trusted computing actually originates from the authors of the orange book, the old DoD computer security manual. It is exactly what is says, computing that you can trust. The reason you can trust it is because it has been verified by someone with whom you have some trust relationship. > > The usual argument is that you can just turn off the 'trust' and run > > Linux as usual, but the ultimate goal is to build a trusted net where > > trusted systems will only talk to trusted systems. That certainly kills > > spam, viruses, worms, etc. but it also leaves untrusted systems only > > able to talk to untrusted systems. > > I don't really understand this. If an executable file cannot be executed > unless it is "trusted," how does that stop perl, say, from doing something > nasty? Perl is the executable, but it is interpreting a script, and the > script could do bad things. If I have a "trusted" computer, how does that > stop me from sending an unsolicited e-mail message to another "trusted" > computer? In a trusted comuting environment all executables are restricted in what they can do. A perl script is going to be a child process of the perl executable and will inherit the restirctions placed upon the perl executable. If you use compiled perl, then the compiled executable would need to be trusted. > I'm sure Microsoft would love to do away with TCP/IP altogether and > replace it with MSnet, or whatever, but they'll never be able to do it. > "Trusted computing" sounds like a move in that direction, but I don't see > how it can work for them. Again, lets not confuse Microsoft with Trusted Computing, the two are quite far from being one and the same. What we are actually discussing is open versus closed. The concern would be a move in the personal comuting industry towards a closed platform with proprietary standards, not the adaptation of trusted computing per se. Josh