Talk:Trusted Computing Platform Alliance

What does this mean, that TCPA devices "execute code on behalf of the code signers, rather than their users"? What does it mean for code to be executed on behalf of one person rather than another?

And I thought TCPA didn't require signed code?

I don't think this whole paragraph makes sense but I wanted some feedback before I remove it. MKWilliams 20:49, 4 Dec 2003 (UTC)

AFAICS, the page says now that "Trusted Computing devices" execute code on behalf on the code signers. That's better because the TCPA TPM does not execute external code, it only executes internal code, so the TCPA part of the sentence would have been wrong.

It's also correct that code does not need to be signed in order to be executed on a Trusted Computing device, but by using such device, you trust the parties which have the control over the device(you don't) to do the right thing with your data. If all code is signed or not does not matter, you give up control and only signed code gets full permission(e.g. in case of XBox, PS2 should be similar)

I think the correct wording would be: Trusted Computing devices only give signed code full privileges, which means that the device is essentially controlled by the code signer, not by the device owner. -- User:Bkaindl Dec 27 2003

This wording is incorrect in many ways. First, signed code is not an element of TCPA. There is no signed code used anywhere in the system. Instead, the TPM is able to take a crypto hash of code as it loads, and this hash can be used to control access to data. So any reference to signed code is wrong and should be removed from the page. Please provide some kind of citation to the contrary if you oppose making this change.

Secondly, the comment about "parties which have the control over the device" is mistaken as well. No one has control over the device. The device generates its own internal crypto keys, and neither the computer owner, nor software/OS vendors, nor the computer manufacturer, nor members of the TCG (TCPA), gets control over those keys. Rather, the TPM uses those keys to protect data and to make assertions about the software configuration that can be verified by third parties.

I think you are misled by the analogy to the XBox. Maybe that system uses signed code; I don't know. But a TCPA system is not an XBox. It does not rely on signed code, rather it relies on the TPM knowing what software is running and being able to report and use that information in a trustworthy and reliable way.

I propose to remove the two paragraphs you added comparing the system to the XBox and claiming that only signed code will run. Please provide additional support for these claims if you don't want me to do that. MKWilliams 19:03, 10 Jan 2004 (UTC)

Okay, it's been a month and you haven't responded, so I'll remove those paragraphs. MKWilliams

I've just added an article -- Telephone Consumer Protection Act of 1991, commonly abbreviated TCPA. But of course, TCPA is a redirect to this page. I was wondering if there should be some sort of disambuguation page, so people can tell between the Act and the Trusted Computing Platform Alliance. I'm new at this, so I'm not sure about the correct procedure. Would be happy to hear suggestions. Thanks. Kiefer 18:06, 15 Sep 2004 (UTC)

How about a section on criticism of the TCPA (aka TCG)? -aerodynamic