Trusted Computing: Difference between revisions

Capi (talk | contribs)
Line 13:
Trust means something different to security experts than the meaning laypersons often assign. For example, the [[United States Department of Defense|United States Department of Defense's]] definition of a trusted system is one that can break your security policy; i.e., ''"a system that you are forced to trust because you have no choice."'' Cryptographer [[Bruce Schneier]] observes ''"A 'trusted' computer does not mean a computer that is trustworthy."'' According to those definitions, a [[video card]] is ''trusted'' by its users to correctly display images. ''Trust'' in security parlance is always a kind of compromise or weakness—sometimes inevitable, but never desirable as such. As another analogy, your best friend cannot share your medical records, since he or she does not have them. On the other hand, your doctor does, and can (legal issues with doing so aside). It is possible that you trust your doctor and think he or she is a great person; it's equally possible that there is only one doctor in your town, so you are forced to trust him or her.
 
The main controversy around trusted computing centers on this meaning of ''trust''. The Trusted Computing Group describes "Technical Trust" as "an entity can be trusted if it always behaves in the expected manner for the intended purpose." Critics characterize a ''trusted system'' as a system you are ''forced to trust'' rather than one which is particularly trust''worthy.''
 
Critics of trusted computing are further concerned that they are not able to look inside trusted computing hardware to see whether it is properly implemented or whether there are [[Back_door|backdoors]], which pose a serious risk to national security, company secrets, and privacy. The trusted computing specifications are open and available for anyone to review, but the actual implementations are not. Many are also concerned that cryptographic designs and algorithms become obsolete. This may result in the forced obsolescence of TC-enabled computers. For example, recent versions of ''trusted computing'' specifications added, and require, the [[AES]] encryption algorithm.