----- Original Message -----
From: Alan Cox <[email protected]>
Date: 14 May 2003 14:49:03 +0100
To: Dean McEwan <[email protected]>
Subject: Re: Digital Rights Management - An idea (limited lease, renting, expiration, verification) NON HARWARE BASED.
> On Mer, 2003-05-14 at 14:52, Dean McEwan wrote:
> > It would be set up so that files have an internal signature (ELF format might have to be
> > fiddled with). It would verify itself by sending info to the creator of the contents PC OR server
> > asking for verification of itself, files could be limited lease, rented, or automatically expire
> > after some time.
>
> That way around doesnt actually work because I'll simply lie, fake the server or firewall you
Encrypted binary, in a XML wrapper that needs decryption key from owners site.
Uses port 80...
> (in fact any serious business firewalls all outgoing traffic from end users). If you want
> to do it for internal trust and you control the systems (the useful case) you set SELinux
> or RSBAC up so that all applications create files in a "non runnable" class. The only way
> to transition an app is a single user application which does your key checking and other
> processing then transitions the binary to "safe". I guess you also add a general rule that
> writing to a file moves it back into non runnable.
>
> One of the problems with this is interpreters. Its easy to do this with ELF binaries but
> you have to extend it to scripts and that normally means more pain 8)
>
>
>
--
______________________________________________
http://www.linuxmail.org/
Now with e-mail forwarding for only US$5.95/yr
Powered by Outblaze
On Wed, May 14, 2003 at 03:22:46PM +0000, Dean McEwan wrote:
> > That way around doesnt actually work because I'll simply lie, fake the server or firewall you
>
> Encrypted binary, in a XML wrapper that needs decryption key from owners site.
> Uses port 80...
... and is declared a firing offense. BTW, the privacy issues (and related
information leak/blackmail potential) are mind-boggling - it's not just
"some guy bought $material", it's "this guy had accessed $material at
$list_of_times".
And that's besides being unable to use the FPOS in question on a laptop,
going tits-up whenever a backhoe finds your cable, doing the same when
vendor's boxen get screwed, yadda, yadda.
Crap idea.
> [[email protected]]
>
> On Wed, May 14, 2003 at 03:22:46PM +0000, Dean McEwan wrote:
> > > That way around doesnt actually work because I'll simply lie, fake the server or firewall you
> >
> > Encrypted binary, in a XML wrapper that needs decryption key from owners site.
> > Uses port 80...
>
> ... and is declared a firing offense. BTW, the privacy issues (and related
> information leak/blackmail potential) are mind-boggling - it's not just
> "some guy bought $material", it's "this guy had accessed $material at
> $list_of_times".
>
> And that's besides being unable to use the FPOS in question on a laptop,
> going tits-up whenever a backhoe finds your cable, doing the same when
> vendor's boxen get screwed, yadda, yadda.
>
> Crap idea.
Totally.
Two more problems:
1) In this case the decryption key is an intergral part of the software
and as such needs to be supplied as per fair use clauses.
2) Alan's argument stands. It is possible to fake the server and provide
the key once the user have pinched a working copy. The wrapper can be
reverse-engineered for communication key magics if need be.
--
Tomas Szepe <[email protected]>
On Wed, 14 May 2003 15:22:46 -0000, Dean McEwan said:
> Encrypted binary, in a XML wrapper that needs decryption key from owners site
.
> Uses port 80...
"A distributed system is one in which the failure of a computer that you've
never heard of can render your system inoperable" -- Leslie Lamport
You *do* realize that the last company that tried to sell us this sort of
scheme is now possibly looking at $2.2 *trillion* in fines because they dorked
it up so badly?
This assuming that your corporate security officers allow the traffic through
the firewall.
As Randy Bush likes to say on the NANOG list: "I encourage my competitors
to design their networks this way"....