Just three weeks before Microsoft Corp. publicly details plans to create a secure operating mode for Windows PCs, two top cryptographers have raised concerns about Microsoft's approach.
Whitfield Diffie, a distinguished engineer at Sun Microsystems Laboratories, said an integrated security scheme for computers is inevitable, but the Microsoft approach is flawed because it fails to give users control over their security keys. Ronald Rivest, an MIT professor and founder of RSA Security, called for a broad public debate about the Microsoft move.
Microsoft first tipped its plans, formerly code-named Palladium, about a year ago. Since then some details have emerged about the concepts for what Microsoft now calls the next-generation secure computing base (NGSCB, pronounced "enscub").
Microsoft has detailed its plans to as many as 30 partners under non-disclosure agreements. The company plans to unveil the full technical details and partnerships behind its plans at the Windows Hardware Engineering Conference in early May.
The Microsoft approach "lends itself to market domination, lock out, and not really owning your own computer. That's going to create a fight that dwarfs the debates of the 1990's," said Diffie as part of a broad panel discussion on cryptography at the RSA Conference here Monday (April 14).
"To risk sloganeering, I say you need to hold the keys to your own computer," added Diffie to strong applause for the audience of several hundred security specialists.