[e-lang] On the moral bankruptcy of the term "Trusted Computing"
Mark S. Miller
Mon, 02 Feb 2004 10:03:05 -0800
Trust is necessarily a subjective judgement, often depending on vastly more
inarticulate subjective factors than taste. Although there's supposedly "no
accounting for taste", people often try to convince each other about what
they should and shouldn't like. Arguments about what should and should not
be trusted are at least as tricky and non-objective. As with taste, trust is
properly swayed by arguments and evidence, but no further. If someone
implicitly tells me what I must trust, I should be at least as offended as
if they told me what I must like. These kinds of decisions are prior to our
notions of objective rationality.
Norm Hardy taught me the importance of the concept of TCB. This wonderful
concept has such a horribly misleading name that, whenever we use it, we
should explain that it stands for "That mechanism other things are
necessarily vulnerable to." When someone uses phrases like "Trusted
Computing", whether they are talking about a TCB or the Intel et. al. Trusted
Computing Group, I simply say "But I don't trust it." The TCG's implicit
claim to the contrary is no different than if engineers claimed an artifact
was Universally Liked by design. Perhaps they should form the Universally
Liked Computing Group.
The terms "rely" and "vulnerable" do not create this offensive confusion. To
claim that Winston Smith is vulnerable to the state, and relies on the state
not to vaporize him, is a judgement that observers can well make about his
situation. To claim that he thereby trusts the state not to vaporize him is
The same issue applies to the phrase "Trusted Third Party". Just because I
use a protocol that renders me vulnerable to Verisign, such that my fate
relies on its good behavior, is no grounds for telling me I trust it. I do not.
As always, feel free to forward widely.
Text by me above is hereby placed in the public domain