In an opening keynote address at the RSA conference in San Francisco today, Craig Mundie, chief research and strategy officer at Microsoft, called for broad discussions about the safety of the Internet in an initiative called “End to End Trust“.
Core to the concept is something called “a trusted stack,” where security is housed or rooted in the hardware, but each piece — the hardware, software, the data and even the people involved — can be authenticated if necessary.
“We believe that End to End Trust will transform how the
industry thinks about and approaches online trust and
security,” said Mundie. “End to End Trust will enable new
opportunities for collaboration on solutions to social,
political, economic and technical issues that will have a
long-term impact on Internet security and privacy.”
In the white paper which was authored by the chief of
Microsoft’s Trustworthy Computing group, Scott Charney,
Microsoft laid out its ideas. “Microsoft and the
technology industry alone cannot create a trusted online
experience,” Charney said in remarks released before
Mundie’s speech. “For that to happen, industry must not
only band together, but must work with customers,
partners, governments and other important constituencies
on a road map for taking Trustworthy Computing to the
Internet.
“Trustworthy Computing” is the tag that Microsoft applied
to its efforts, now six years old and counting, to
improve the security of its own software, primarily
Windows.
Much of Charney’s white paper was devoted to
authentication issues, including establishing identities
on the Internet to, for example, provide children-only
zones where kids can interact without the fear of adult
predators. Other sections spelled out longtime Microsoft
ideas, such as linking the operating system with the
hardware for a “trusted boot” environment that guarantees
the code hasn’t been tampered with, and digitally signed
applications.
But Charney also took time to promise what the End to End
Trust would not do. “First, nothing in this paper is
meant to suggest that anonymity on the Internet be
abolished,” wrote Charney. “Second, nothing in this paper
is meant to create unique, national identifiers, even if
some countries are creating identity systems that do so.
Third, nothing in this paper supports the creation of
mega-databases that collect personal information.”
“A lot of the concepts [in End to End Trust] already
exist on the Internet, all of which we generally
support,” Stathakopoulos said.
He conceded that not everyone will take to Microsoft’s
pitch or acknowledge its right to step up and call for
talks. “In the end, our actions will speak for
themselves,” he said.
Microsoft has established a forum for such talks.
[source: Computerworld]