TCPA and Palladium Technical Analysis

An anonymous reader writes "After some months reading TCPA specifications and Palladium information released by Microsoft, I've finished a technical article regarding the two; the scope is technically analyzing what we know on TCPA and Palladium so we can have an objective way to judge how could it really affect us if finally done. You can read it in English or Spanish."

It's a standard, not an implementation

[Gerry+Gleason]

He is pretty clear on MS wanting everyone to believe that TCPA == Palladium, even though it is false. It's also pretty clear that TCPA is just some very limited hardware and firmware support for a few crypto and identity functions. It is essentially OS neutral, and there is no particular security and privacy advantage for Windows no matter what the MS marketdroids say.

The interesting and worrysome parts are the potential to use Palladium for DRM, and that a lot of people could be shut out depending on the details. Most likely there will be a requirement to get a certificate from a 'participating' CA, which could be MS only, but is just as worrysome even if it isn't (say a small list approved by the MPAA and RIAA).

Note also the small comments about DOS attacks that could exploit known MS vulnerabilities to in effect disable your trusted hardware and make it hard to use your computer for just about anything. Basically, the ability of this hardware and associated software to validate your certificate to play content is pretty fragil, and it could be trashed by a virus, or many types of valid upgrades and maintanance of your computer. I think he mentions the difficulty in re-certifying your machine after a change, and that the spec doesn't really cover it. In part, it is because you have to go to TTPs (trusted third parties) to re-certify. That means you have to 'tell' MS when you make your system dual boot and write a GRUB MBR to your boot partition. Tell me that there is no potential for abuse here.