Talk:Trustworthy Computing
From Wikipedia, the free encyclopedia
Contents |
[edit] it should be redirected
Vaquerito - this really should be redirected. This is just Microsoft PR obfuscation, I do not believe there is a shred of evidence that this is in any way different from ordinary TC - see [1] for example. If you do believe it is different, you have to explain how The current article (stub really) doesn't. Even then, it probably makes more sense to have that stuff as a section in the other article. As for this being used for a class: your students can contribute to the main TC article, that way they can benefit from contact with the other editors there. I am against setting up "private rooms" in Wikipedia on general principles. ObsidianOrder 07:17, 1 September 2005 (UTC)
ObsidianOrder -- I agree that students could (and perhaps should) contribute to the TCG article, although there is a difference between the TCG and Trustworthy computing -- some of it is Microsoft's plan, but not all of it. I'm not proposing a private room, but instead to separate a movement that is partially sponsored by a company and gaining support by others (TCG is, itself, an industry consortium). Criticism of the movement (trustworthy computing) could also be captured by editors and authors in the Trustworthy Computing page, I don't see a need to force all discussion to a single page. After all Wikipedia encourages cross-linking of related concepts. In any case, I agree with you that the stub needs to be more complete, but I do believe that blanket redirecting (as well as your link to the salon article) is a bit of an opinion more than a fact -- and I set this up in order to expand on it. The spirit of Wikipedia is to embrace different points of view, is it not? I certainly agree that Microsoft as an organization is controversial, but I am a big supporter of pluralism. The class that I am teaching in Boulder tries to focus on the subtle differences of trustworthy computing, trusted computing, and the intersection of these concepts with different technologies. Wouldn't it be fair to allow us a couple months to develop the idea in the spirit of free epxression? Here at the University of Colorado a number of professors like me are trying to encourage students to expand the content and add new material, this is quite difficult if we get into sort of battles like this at such an early stage on whether or not an article should be allowed.
- Vaquerito - I would have no objection if you had an article under "Trustworthy Computing" which was more substantial than a stub, and which addressed what the specific differences between "Trusted" and "Trustworthy" computing are, and why they are significant. At a mininum the claim that they are not the same thing requires references. I'm a supporter of pluralism, but I'm an even bigger supporter of citing sources ;) Also: the "Trusted Computing" article is not specifically about the TCG, it's both the most general and most common term for all these proposed technologies. On the other hand "Trustworthy Computing" is a Microsoft vanity page, unless you can demonstrate otherwise ;) compare that with Intel Inside. ObsidianOrder 09:23, 9 September 2005 (UTC)
Obsidianorder -- Sounds fair: we'll work on a more substantial differentiator and will repost. Thanks for engaging in a productive dialogue with me on this, I'll be interested to read your comments (and hopefully your critiques as well) as this develops. Cheers.
[edit] Revised Article - Please Do Not Redirect
The article posted 11/5 draws distinctions between trustworthy and trusted computing and sites sources other than and prior to Microsoft.
I believe it meets the requirements above, and I would request it not be redirected. Colonel301 22:46, 5 November 2005 (UTC)colonel301
- Well the section headed 'Microsoft and Trustworthy Computing' is still a pretty blatant piece of PR blurb that needs rewriting or deleting for a start. --Aim Here 17:14, 12 March 2006 (UTC)
[edit] Blurb deleted
Sigh. Some POV-warrior by the name of Robust Physique seems to want to keep this passage in the article. It's disgusting PR-type blurb and I'm not going to let it stay in without a VERY good reason.
"The computing industry recognizes the need to increase the overall level of trust and “trustworthiness” in computing. Computers have been successful for office and home applications, but are losing momentum and acceptance when it comes to new services and system integrations. In effort to move forward and build consumer confidence, Microsoft launched their concept of Trustworthy Computing focused on the framework of security, privacy, reliability, and business integrity. Despite criticism from the Open-source community, Microsoft’s ultimate goal of developing Trustworthy Computing is shared by the entire industry. The task of recovering and building consumer confidence goes beyond any single technical development or advance. It will take time, commitment, and industry cooperation to create a level of Trustworthy Computing required for the next generation of computing."
It asserts without evidence that 'the computing industry', whatever that is, recognises some need or other, then makes claims about 'momentum and acceptance' and 'consumer confidence' without any indication of how those are to be measured, repeats some Microsoft PR buzzwords about security and reliability and whatnot, makes assertions 'despite criticism from the Open-source community', excludes the Open Source community from the computing industry, makes more assertions about Microsoft's ultimate goal and the goal of the computing industry and then assaults the reader with yet more vapid and meaningless PR fluff at the end. This garbage is biased, unsourced, speculative, largely meaningless, unencyclopedic, probably an advert and doesn't belong here. I'm deleting it. Anyone got a problem with that? --Aim Here 14:19, 14 March 2006 (UTC)
- I agree. That is not the only such section in the article, though. ObsidianOrder 17:09, 14 March 2006 (UTC)
[edit] reasons for proposed merge
I've been watching this page since its creation. I was very doubtful as to whether it could ever grow into a real article, instead of just parroting Microsoft marketing/PR, but I thought I'd give it a chance. Well, I have to say that it has so far completely failed to do so. Almost every sentence suffers from pro-Microsoft bias, both subtle and not-so-subtle. There is very little real content here, and what there is is sourced from Microsoft only (which is ok, it is noteworthy - but it's not ok as a complete article; it has to be placed in a context which includes other points of view). Therefore, I propose this be (a) trimmed to about one section in length and (b) inserted into the Trusted computing article. ObsidianOrder 06:07, 17 March 2006 (UTC)
- This article's clear need for some copy editing and knocking out of some of the blatant marketing-speak, doesn't imply that we should throw away the article altogether. There is useful and noteworthy information here -- we should Keep this article and the wording should be improved. Warrens 07:16, 17 March 2006 (UTC)
- Trustworthy computing != Trusted computing. There are a few similarities - especially in the promised benefits and outcomes, but the ways of getting there are totally different. Trustworthy computing is a Microsoft effort whereas Trusted Computing is an wider industry activity. Keep and improve this article. --Boxflux 08:01, 17 March 2006 (UTC)
-
- Clarification: obviously TwC is not exactly the same as TC. It is however pretty closely related. As far as I can tell, TwC is substantially TC at the hardware level plus a "we'll try to be good and avoid security bugs" promise. Also, there is some question about whether TwC even exists outside MS marketting ;) ObsidianOrder 17:20, 17 March 2006 (UTC)
- Weak disagree (this is a proposal not AfD :-) — the article itself states that TwC should not be confused with TC and at first I was inclined to think "keep the two articles, they're clearly distinct". I recognise that Trustworthy Computing is a Microsoft effort to boost trustworthiness of computing platforms, as opposed to Trusted Computing which comprises the efforts of the TCG et al. However whether TwC is notable enough to justify its own article is a different matter; it's likely to come across as marketroid and/or POV. Perhaps it should just be incorporated into the Windows or TC articles? StephenFalken 10:45, 17 March 2006 (UTC)
Actually this term does not come from Microsoft marketing. It comes form a lot of security experts reacting to the term 'trusted computing' by pointing out that we already have trusted computers, the problem is that their design does not meet the reliance placed on them. For example Phill Hallam-Baker brought this up in Brian LaMacchia's Palladium talk at RSA Europe a few years back. Others have brought up the same point. Don't confuse responding to criticiswm with marketting speak. Microsoft also get flak for using the term 'user experience' rather than 'user interface' even though this term actually comes from Donald Norman (Apple, Google usability guru).
There are differences between the Microsoft program and the TCPA program but using the trusted/trustworthy hook as a distinction is not useful. The operating systenm formerly known as Palladium is a design for a trustworthy partition within an O/S. The TCPA project is mostly about providing a trustworthy boot path.
The term 'trusted' comes in from Orange Book which in term gets it from a Butler Lampson paper. Butler is one of the architects of Palladium at Microsoft. He certainly knows the difference between Trusted and Trustworthy. --Gorgonzilla 15:50, 19 March 2006 (UTC)
- Which Butler Lampson paper is that, and did he really define the term "trusted" in computing before anyone else? Warrens 16:15, 19 March 2006 (UTC)
-
- According to the bibliography at [2] it's A note on the Confinement Problem: "trusted, i.e. that the customer believes it will not leak his data or help any confined program which calls it to do so". Is that what you meant Gorgonzilla? StephenFalken 16:30, 19 March 2006 (UTC)
- He first introduced the trusted compartment known in Orange Book as the 'Trusted Computing Base' as the 'security monitor' which is described as the trusted base for the secure O/S. By the time orange book was written the term monitor had been replaced by operating system so they used the description as the term of art. I do not remember the paper, its the cannonical one where he sets out the principles of secure operating systems. --Gorgonzilla 18:23, 19 March 2006 (UTC)
Regardless I think that the articles should be merged and reorganized. Microsoft do not intend their project to be considered different in objective here. I would make the core article a merged one on Trusteworthy computing, make Trusted a redirect to that and link to separate articles on the terms Trusted Computing Base, Trusted Computing Platform Alliance, Palladium/NGCB.
The criticism section should be structured as 'objections'. The majority of the criticism is really about the possibility of using trusted computing to enforce copyright protection. This is not the main use that security people see for Trustworthy platforms though. <a href="http://dotfuturemanifesto.blogspot.com/2006/02/why-linux-must-embrace-trustworthy_09.html">PHB argues that copyright enforcement schemes based on TC are doomed to failure, Linux needs to support TC as a basic security measure</a>, to prevent crypto keys being exported off the platform.
Unfortunately most of the comments being linked to are from people who are recognized outside the field rather than insiders. There is a big difference. People like Lampson, LaMacchia, Hallam-Baker, Ellison, etc. are much less well known on slashdot than Schneier or Anderson who are important security people but not specialists in this area. --Gorgonzilla 18:23, 19 March 2006 (UTC)
- Disagree. There's not even any overlap here. Trusted Computing is about a set of technologies that can be used to limit use of data to a single application, thus preventing (e.g.) secret keys from being stolen by an unauthorised application. It is a hardware improvement to PCs and a set of software protocols for the use of that hardware that when used together give computers a new capability that has previously been impossible: allow data to be transferred onto a computer in a way that prevents any application other than authorised ones from accessing it, even with the user's permission. Trustworthy Computing is about doing the things computers currently do more reliably; it's about not having bugs. The two projects are totally orthogonal. The only things they have in common are they both relate to security and they have similar names. JulesH 22:29, 20 March 2006 (UTC)
-
- You are wrong. Microsoft did not originate the term, they are not the only people to use it. Trustworthy Computing is a superset of the objectives that the TCA are persuing. It is not just about not having bugs. --Gorgonzilla 13:51, 2 April 2006 (UTC)
-
-
- How can he be "wrong"? JulesH didn't say that Microsoft was the originator of the term, nor did he say that Microsoft are the only ones to use the term. Also, arguing that one thing is a superset of another doesn't obviate the need for a separate article on the subject. Microsoft's goals with their TC initiative are to make the operating system more secure against attacks, more reliable (higher availability and more predictable), and to protect users' privacy better. Remember where this started? 2001 -- perhaps ths second really awful year for Microsoft in terms of security vulnerabilities. So, they pursued their TC initiative, which led to things like the "Security Development Lifecycle" approach to software development. Two years later released Windows Server 2003. Is Server 2003 a "trusted computing" platform? Absolutely not! It contains (even as of Server 2003 R2) none of the TCG's platforms and technologies. Almost a year and half after -that-, XP SP2 came out. Is XP SP2 a "trusted computing" platform? Absolutely not! And yet, both these platforms (especially 2003 SP1) are heavily informed and influenced by the Trustworthy Computing initative. NGSCB (which has apparently been renamed Windows Integrity) is Microsoft's implementation of trusted computing, and very little of NGSCB is being included with Vista. As JulesH said, and as the articles themselves state, the two concepts are absolutely not one and the same. If Trustworthy Computing were a subset of Trusted computing, and Microsoft was just using it as a marketing term, then I would be willing to support this merge, but that's clearly not the case. Warrens 14:27, 2 April 2006 (UTC)
-
-
-
-
- Of course Windows 2003 is TrustED, so was MSDOS. Critical applications including business and life critical systems depend upon both. Linux is TrustED. The point made is that they are not sufficiently secure to be worthy of the trust. It is the same point Nielsen made on 'User Interface' vs 'User Experience' one is a component of the other, what matters is the totality of the experience. Microsoft also use UE, but so do Google. The point is that there should be three articles here. One on the concept of trustworthy computing equivalent to the article on 'User Experience'. A second one on Microsoft's Trustworthy Computing initiative. A third on the TCG proposals. Microsoft does not own this concept. The strong DRM objections are much more relevant to the concept that any given implementation. --Gorgonzilla 15:46, 2 April 2006 (UTC)
-
-
-
-
-
-
- So you're proposing a split instead of a merge, then? Warrens 17:55, 3 April 2006 (UTC)
-
-
-
I am suggesting a merge and a split so that we end up as follows:
- Trustworthy Computing Article on the abstract principle, including the politics
- Trusted Computing Redirect to Trustworthy
- Microsoft Trustworthy Computing Initiative Article on the Microsoft specific initiative including Palladium
- Trusted Computing Group Article on the TCG specific proposals
The point is that if there is a OSS centered activity here it would most likely be called trustworthy computing not trusted. At the moment most people outside the security field merely repeat the slashdot view that the only use for this stuff is to create strong DRM. In fact as pretty much everyone inside the field knows this stuff is no better for strong DRM than CSS or any of the other failed schemes. Copyright protection is break once run anywhere.
What people are looking at is using the Palladium class hardware features to support similar features on Linux. For example mechanisms to allow strong storage of private keys for SSL certificates.
Most of the anti-Microsoft rants here are really rants against certain applications of the technology. That is something security insiders are all familiar with Cryptography is not morality. Security changes the balance of power in a situation and that is always political. --Gorgonzilla 18:40, 3 April 2006 (UTC)
- I am firmly against merging Trusted computing and Trustworthy Computing. They ARE separate topics, despite whatever hand-waving may be attempted by you or others to try to make them out as being one thing. Read the articles as they stand today -- the distinction is pretty clearly stated. We would end up with one topic covering two separate things, which would invariably lead to someone proposing splitting them back into two articles.
- I think the way things are now (save for the recent, unexplained rename from "Trusted computing" to "Trusted Computing") is a fair delineation of the subject at hand: Trusted computing, Trusted Computing Group, NGSCB, and Trustworthy Computing are all unique topics. A separation of the Microsoft initiative wouldn't be such a bad thing, because it could cover some historical perspective and how it has affected Microsoft, and other related subjects such as the Security Development Lifecycle that have evolved from MS's Trusted Computing initative. With those things separated out, the article could be renamed "Trusted computing", and be a philosophical treatise on the concept of reliable, trusted, always-available computing, and that's it.
- Perhaps we should RfC this and get some other viewpoints? Warrens 06:30, 4 April 2006 (UTC)
[edit] Worst Wikipedia Article Ever
This article is a load of crap. It should be one paragraph and simply say exactly what the difference is between trusted computing and Microsoft's version of it. Is it hardware or is it software. Does it use the Trusted computing chip. None of this "3rd pillar of faith and fairness" PR bullshit. If I wanted that garbage I'd go to microsoft's web page, not wikipedia.
Upon reading the article again I've realized that Trustworthy Computing means absolutely nothing except as an obfuscated reference to the vague idea that computers should be more reliable. This entire article is a waste of time and I feel stupider for having read it. I hope everyone that contributed to this article gets banned from Wikipedia. Windkin 20 March 2006.
[edit] Controversy
Most of the information in the controversy section actually seems to refer to Trusted Computing. The difference between the two is clarified in the begining of the article. Can we remove this section? Superm401 - Talk 22:50, 19 January 2007 (UTC)