[Python-ideas] [Python-Dev] Proposal : Python Trusted Computing API

geremy condra debatem1 at gmail.com
Tue Oct 20 08:46:14 CEST 2009 

On Mon, Oct 19, 2009 at 2:29 AM, Abhiram Kasina
<abhiram.casina at gmail.com> wrote:
> Hi
>
> Trusted Computing (TC) is a technology developed and promoted by the Trusted
> Computing Group (TCG)[3]. So, basically the group came up with these chips
> called TPM chips which are present on most motherboards nowadays. The main
> purpose of it is to enhance security so that infected executables don't run.
> It also provides memory curtaining such that cryptographic keys won't be
> accessible and many other features. There was a criticism on this from the
> FOSS community as well that it enables DRM. No wonder, it is being pushed by
> Intel, Microsoft, AMD, etc..

I personally have grave concerns about this technology, independent of
who is advancing it- just reading the links you provide makes it clear
that its primary purpose is to restrict the degree of control a user can
exercise over their own data, programs, and machine. Is it any wonder
that the same people who find DRM abhorrent find the technologies
used to advance it equally distasteful?

> But personally I think its a good idea from security point of view.

Besides sealed storage and memory curtaining- which I admit have
seductive security implications- all of the supposed advantages
of a TPM can be replicated using non-interactive zero knowledge
proofs. I'd rather we put that capability into the standard library-
but I strongly doubt that's going to happen any time soon.

> So, currently there is an TSS (TCG Software Stack)[1] API written in C. And
> TrustedJava[2] is a project which ported it to Java and is going to be
> included in the standard API of Java soon. They have 2 versions of it. One
> is a simple wrapper on top of the API and the other is a whole
> implementation of the stack in Java.
>
> My proposal is we create an API for it in python.

I also suspect that if this were a simple undertaking, there wouldn't
be a 'we' in this sentence.

> Reason: I am a developer in Umit and I think Python is a very good platform
> for developing applications. So, why not create an API which helps in
> developing secure applications?

If you were suggesting adding a crypto API to python, I'd be all
for it- but you're suggesting adding the ability to have Python
software vendors remotely cripple the code on your machine.
I just can't get behind that, and while you're sure to hear wildly
divergent opinions on this board, I suspect that mine will not
be an uncommon sentiment.

Geremy Condra

More information about the Python-ideas mailing list