From thardjono@verisign.com Wed Dec 4 16:25:46 2002 From: thardjono@verisign.com (Thomas Hardjono) Date: Wed, 04 Dec 2002 11:25:46 -0500 Subject: [IETF-IDRM] test - ignore Message-ID: <5.0.0.25.2.20021204112529.027cf598@pop.mail.yahoo.com> test - ignore From mbaugher@cisco.com Tue Dec 10 23:43:00 2002 From: mbaugher@cisco.com (Mark Baugher) Date: Tue, 10 Dec 2002 15:43:00 -0800 Subject: [IETF-IDRM] [IDRM] Disband or recharter IDRM? Message-ID: <5.1.1.5.2.20021210153822.04a911e8@mira-sjc5-6.cisco.com> IDRM has obviously been dormant for about a year. Over the past year, many content-trading businesses and DRM technology vendors have failed. The movie studios are currently trying out Internet distribution while there is a buzz in the technical community about the irrelevance of DRM to internet entertainment. Nonetheless, DRM-based products are incubating at a few big software, entertainment, and consumer electronics companies; these will likely affect the Internet in years to come. The EFF and a few other public-interest groups have consistently raised important privacy and consumer rights issues related to aspects of DRM technology. Some of these concerns are echoed in the standards bodies. Although, MPEG and other organizations are standardizing interfaces to key management, licensing, and content-protection systems, IDRM has done little towards our original goals of investigating the affects of DRM technologies on Internet open-standards and the end-to-end model. Thomas, Sam Sun, Vern Paxson and I have been discussing the state and direction of IDRM for many months now. We have considered resuming our work despite the dissension that the very notion of DRM causes within the Internet community; we have also discussed re-chartering the group, as well as disbanding the group. We think that the right thing to do at this time is to open a discussion on this list. And we thought we would share with you just a few things that we have discussed up to this point. First, there are interoperability issues in DRM. Entertainment systems typically use licensed standards rather than open standards so the licensor can validate that the licensee addresses various concerns for content handling. When applied to the Internet, this tradition might foster proprietary protocols that diminish interoperability, increase complexity, discourage innovation and increase costs. For example, DVB simulcrypt interoperates with a great variety of key management protocols, which is good, but it is prohibitively expensive to introduce standardized key management in DVB systems, which is bad. Regardless of one's feelings toward DRM or content protection, open standards can mitigate some negative effects of this trend through standard interfaces to end systems. There are also general end-to-end issues that have a technology component. At the level of the global Internet, the DRM concerns raised by Internet music and movie trading are another case of one community (national, regional or virtual) wanting to assert control over how the Internet is used by others. DRM is closely related to privacy rights of individuals and groups, to the conflict between community standards and a global information infrastructure. There are some problems posed for the Internet end-to-end principle by the demand for controls by geographical regions or global industries. I doubt whether these problems have technical solutions but they may foster new technologies and standards, for better or worse, such a P3P. These technologies are of interest to the Internet community, and the IDRM RG could serve as a forum for them just as it could serve as a group that looks ahead towards new standards needed by applications that use content protection or DRM technologies. We can think of reasons, therefore, to keep the IDRM group functioning. But our list has been dormant and little work has been brought to the group over the past 18 months. We should consider these things as we consider what to do with IDRM. Mark From glarose@info-mech.com Wed Dec 11 14:23:00 2002 From: glarose@info-mech.com (Gord Larose) Date: Wed, 11 Dec 2002 09:23:00 -0500 Subject: [IETF-IDRM] Re: [IDRM] Disband or recharter IDRM? References: <1qcd67$jd0h@halt-in.cisco.com> Message-ID: <002001c2a120$cf33d060$0400a8c0@sympatico.ca> Hello: Most of you on the list will not know me, as I came in during your period of dormancy. I too have been mulling these issues, as the DRM company that I helped found (NetActive) struggled like most others in the space. I think there are two classes of issues here - the social-advocacy ones and the technical ones. The social-advocacy issues are horribly subjective. The concerns were well expressed in Mark's email, and we could spend thousands of words debating them. For what it is worth, I believe that DRM is not philosophically wrong, and further, that it is commercially necessary. However, I do not believe that the current "axis of greed" between Hollywood and Washington serves the best interests of American citizens and, as a Canadian, I am very concerned about the United States' efforts to impose its draconian views of copyright enforcement on the rest of the world. Good DRM does not have to put Big Brother on your hard drive. If it does, then the price is too high. On a philosophical level then, I say there is a need for smart people to build workable DRM that citizens can live with. The point issue of this technical group's mandate is much clearer IMO. The core technology challenges for DRM are terminal node challenges, not network challenges. Sure, a network is usually involved, but DRM is nothing special for the network. DRM's basic network needs are nothing harder than http/https over tcp/ip. And the terminal mode challenges are largely about things like tamper-resistance, which are proprietary and not very amenable to standardization. It's not something where an IETF group adds much value. So where does that leave the group ? Seems to me the options include: 1) disband 2) generalize the focus to a multidisciplinary one, along the lines of http://www.bcdforum.org . (Though I have to confess I find that organization lacking substance.) 3) Find specific technical problems that are obstacles to good (i.e. effective but not Orwellian) DRM, which are going begging, and in scope, and work on solutions. I don't have a top-of-mind suggestion for #3, but it sounds like the most fun! Other thoughts ??? Best Regards, Gord Larose ----- Original Message ----- From: "Mark Baugher" To: Cc: ; "Vern Paxson" Sent: Tuesday, December 10, 2002 6:43 PM Subject: [IDRM] Disband or recharter IDRM? > IDRM has obviously been dormant for about a year. >SNIP< From thardjono@verisign.com Wed Dec 11 17:55:15 2002 From: thardjono@verisign.com (Thomas Hardjono) Date: Wed, 11 Dec 2002 12:55:15 -0500 Subject: [IETF-IDRM] Re: [IDRM] Disband or recharter IDRM? In-Reply-To: <002001c2a120$cf33d060$0400a8c0@sympatico.ca> References: <1qcd67$jd0h@halt-in.cisco.com> Message-ID: <5.0.0.25.2.20021211122647.02e1d4a8@pop.mail.yahoo.com> Gord, I agree with most of your comments. Judging from the "emotional outcry" we received at the last IDRM meeting (Salt Lake City IETF, end of 2001), DRM seems to mean different things to different people. At 12/11/2002||09:23 AM, Gord Larose wrote: >Hello: > Most of you on the list will not know me, as I came in during your period >of dormancy. I too have been mulling these issues, as the DRM company that >I helped found (NetActive) struggled like most others in the space. > >I think there are two classes of issues here - the social-advocacy ones >and the technical ones. > >The social-advocacy issues are horribly subjective. The concerns were >well expressed in Mark's email, and we could spend thousands of words >debating them. For what it >is worth, I believe that DRM is not philosophically wrong, and further, that >it is commercially necessary. However, I do not believe that the current >"axis of greed" between Hollywood and Washington serves the best interests >of American citizens and, as a Canadian, I am very concerned about the >United States' efforts to impose its draconian views of copyright >enforcement on the rest of the world. > Good DRM does not have to put Big Brother on your hard drive. If it does, >then the price is too high. Right. So one of the notions we put forward in the IETF was: is it at all possible to create "open-source DRM technologies", so that small mom-and-pop publishers need not pay $$$ for proprietary solutions. The analogy is that with Linux and the Apache webserver, which are available for around $30. Another useful comparison in the RSA encryption algorithm, which is good technology, well understood, standardized and now finally over the patent hurdle. I realize that some folks take the (radical) position of being against any development of DRM technology whatsoever. The best way to ensure Big Brother does not happen is to go against any work relating to DRM. The reality is that DRM Technology is here to stay (proprietary), whether we like it or not. It will ship inside PCs and in consumer electronics devices. I think such a position actually helps the Big Brother syndrome, as it does not provide an option to the general public as to alternative sources of technology. >On a philosophical level then, I say there is a need for smart people to >build workable DRM that citizens can live with. > >The point issue of this technical group's mandate is much clearer IMO. The >core >technology challenges for DRM are terminal node challenges, not network >challenges. Sure, a network is usually involved, but DRM is nothing special >for the network. DRM's basic network needs are nothing harder than >http/https over tcp/ip. And the terminal mode challenges are largely about >things like tamper-resistance, which are proprietary and not very amenable >to >standardization. It's not something where an IETF group adds much value. Right. This is where the word "DRM" is I think a misnomer for the IETF efforts. You are absolutely right, that DRM is indeed "terminal node challenges" (ie. development of rights-enforcing terminals), which is not the traditional area of work for the IETF. However, there some network issues that is part of what I call the "DRM macrocosm", which included functions relating to look-ups, secure network storage, transaction clearinghouse, etc. These would appear to be suitable for work items in the IETF. Thus, one possible change to IDRM is a new name that is less likely to be controversial. >So where does that leave the group ? Seems to me the options include: >1) disband >2) generalize the focus to a multidisciplinary one, along the lines of >http://www.bcdforum.org . (Though I have to confess I find that organization >lacking substance.) >3) Find specific technical problems that are obstacles to good (i.e. >effective but not Orwellian) DRM, which are going begging, and in scope, >and work on solutions. > >I don't have a top-of-mind suggestion for #3, but it sounds like the most >fun! Yes, the keyword is "fun". Perhaps others on the list may have specific suggestions? cheers, thomas ------ >Other thoughts ??? > >Best Regards, > Gord Larose > >----- Original Message ----- >From: "Mark Baugher" >To: >Cc: ; "Vern Paxson" >Sent: Tuesday, December 10, 2002 6:43 PM >Subject: [IDRM] Disband or recharter IDRM? > > > IDRM has obviously been dormant for about a year. > >SNIP< From judge@cc.gatech.edu Wed Dec 11 21:21:28 2002 From: judge@cc.gatech.edu (Paul Judge) Date: Wed, 11 Dec 2002 16:21:28 -0500 (EST) Subject: [IETF-IDRM] Re: [IDRM] Disband or recharter IDRM? In-Reply-To: <5.0.0.25.2.20021211122647.02e1d4a8@pop.mail.yahoo.com> Message-ID: On Wed, 11 Dec 2002, Thomas Hardjono wrote: > > Right. So one of the notions we put forward in the IETF was: is it at all > possible to create "open-source DRM technologies", so that small > mom-and-pop publishers need not pay $$$ for proprietary solutions. The > analogy is that with Linux and the Apache webserver, which are available > for around $30. > Another useful comparison in the RSA encryption algorithm, which is good > technology, well understood, standardized and now finally over the patent > hurdle. I think that this is a reasonable strategy and a worthy goal. We were working on some content protection architectures here that have very similiar motivations. An open-source standards-based DRM system would enable the small content providers as well as provide an alternative to multiple proprietary formats and systems. > >On a philosophical level then, I say there is a need for smart people to > >build workable DRM that citizens can live with. > > > >The point issue of this technical group's mandate is much clearer IMO. The > >core > >technology challenges for DRM are terminal node challenges, not network > >challenges. Sure, a network is usually involved, but DRM is nothing special > >for the network. DRM's basic network needs are nothing harder than > >http/https over tcp/ip. And the terminal mode challenges are largely about > >things like tamper-resistance, which are proprietary and not very amenable > >to > >standardization. It's not something where an IETF group adds much value. > > Right. This is where the word "DRM" is I think a misnomer for the IETF > efforts. You are absolutely right, that DRM is indeed "terminal node > challenges" (ie. development of rights-enforcing terminals), which is not > the traditional area of work for the IETF. > > However, there some network issues that is part of what I call the "DRM > macrocosm", which included functions relating to look-ups, secure network > storage, transaction clearinghouse, etc. These would appear to be suitable > for work items in the IETF. The way that I've been thinking about this is that DRM tries to solve three problems: 1) secure distribution/conditional access, 2) protected storage, and 3) output protection. True, #3 is largely about 'terminal node challenges', but #1 and #2 largely include distribution architectures and supporting systems. I believe that there is room in these areas for IETF work. > Thus, one possible change to IDRM is a new name that is less likely to be > controversial. Couldn't hurt. Even if it doesn't reduce the controversy, it may reduce the confusion since DRM is such an overloaded term. If the focus becomes protected distribution and protected storage areas, then how about a name to describe that as opposed to the output protection area. >>3) Find specific technical problems that are obstacles to good (i.e. >>effective but not Orwellian) DRM, which are going begging, and in scope, >>and work on solutions. >> >>I don't have a top-of-mind suggestion for #3, but it sounds like the most >>fun! >>Yes, the keyword is "fun". Perhaps others on the list may have specific >>suggestions? based on what i've worked on before, there are a few things that come to mind. there are a few components that must exist in a protected distribution/storage environment: secure content objects, content object importation system, ACL servers (1 that assigns rights and 1 that can be used to lookup rights based on a user, role, or object), authorization protocols, etc. with that said, my two cents is: 'recharter'. Regards, Paul ___________________________ Paul Judge, Ph.D. Candidate Georgia Tech judge@cc.gatech.edu From staddon@parc.com Wed Dec 11 21:56:27 2002 From: staddon@parc.com (staddon@parc.com) Date: Wed, 11 Dec 2002 13:56:27 -0800 (PST) Subject: [IETF-IDRM] RE: [IDRM] Disband or recharter IDRM? Message-ID: <839BE2CA5177D3119C7000508B11F5DB01EBEA03@dagobah.parc.xerox.com> I've only joined the mailing list recently and am still a bit fuzzy on the goals of IRTF working groups in general. That said, I think there are a number of interesting areas in which new (crypto) technology is needed and that could be taken up as part of Gord's option #3. One easy example if copy protection for digital tv. Perhaps the group could recommend approaches that allow for normal use (e.g. the ability to view recorded programs on any of a user's players) but make large-scale piracy difficult. In addition, with the activity around microbroadcasters this past summer, there also seems to be a need for technology that can better measure the audience size of content distributors. Such technology could potentially protect small distributors by keeping their licensing fees low but still be fair DRM-wise (Rob Johnson and I did some work in this area but I think there's still much to be done). These are very much off the top of my head and I'm sure there are more and better candidates. In any case, I would like to see the group resume activity. Jessica Staddon -----Original Message----- From: Paul Judge [mailto:judge@cc.gatech.edu] Sent: Wednesday, December 11, 2002 1:21 PM To: Thomas Hardjono Cc: glarose@info-mech.com; ietf-idrm@lists.elistx.com Subject: Re: [IDRM] Disband or recharter IDRM? On Wed, 11 Dec 2002, Thomas Hardjono wrote: > > Right. So one of the notions we put forward in the IETF was: is it at all > possible to create "open-source DRM technologies", so that small > mom-and-pop publishers need not pay $$$ for proprietary solutions. The > analogy is that with Linux and the Apache webserver, which are available > for around $30. > Another useful comparison in the RSA encryption algorithm, which is good > technology, well understood, standardized and now finally over the patent > hurdle. I think that this is a reasonable strategy and a worthy goal. We were working on some content protection architectures here that have very similiar motivations. An open-source standards-based DRM system would enable the small content providers as well as provide an alternative to multiple proprietary formats and systems. > >On a philosophical level then, I say there is a need for smart people to > >build workable DRM that citizens can live with. > > > >The point issue of this technical group's mandate is much clearer IMO. The > >core > >technology challenges for DRM are terminal node challenges, not network > >challenges. Sure, a network is usually involved, but DRM is nothing special > >for the network. DRM's basic network needs are nothing harder than > >http/https over tcp/ip. And the terminal mode challenges are largely about > >things like tamper-resistance, which are proprietary and not very amenable > >to > >standardization. It's not something where an IETF group adds much value. > > Right. This is where the word "DRM" is I think a misnomer for the IETF > efforts. You are absolutely right, that DRM is indeed "terminal node > challenges" (ie. development of rights-enforcing terminals), which is not > the traditional area of work for the IETF. > > However, there some network issues that is part of what I call the "DRM > macrocosm", which included functions relating to look-ups, secure network > storage, transaction clearinghouse, etc. These would appear to be suitable > for work items in the IETF. The way that I've been thinking about this is that DRM tries to solve three problems: 1) secure distribution/conditional access, 2) protected storage, and 3) output protection. True, #3 is largely about 'terminal node challenges', but #1 and #2 largely include distribution architectures and supporting systems. I believe that there is room in these areas for IETF work. > Thus, one possible change to IDRM is a new name that is less likely to be > controversial. Couldn't hurt. Even if it doesn't reduce the controversy, it may reduce the confusion since DRM is such an overloaded term. If the focus becomes protected distribution and protected storage areas, then how about a name to describe that as opposed to the output protection area. >>3) Find specific technical problems that are obstacles to good (i.e. >>effective but not Orwellian) DRM, which are going begging, and in scope, >>and work on solutions. >> >>I don't have a top-of-mind suggestion for #3, but it sounds like the most >>fun! >>Yes, the keyword is "fun". Perhaps others on the list may have specific >>suggestions? based on what i've worked on before, there are a few things that come to mind. there are a few components that must exist in a protected distribution/storage environment: secure content objects, content object importation system, ACL servers (1 that assigns rights and 1 that can be used to lookup rights based on a user, role, or object), authorization protocols, etc. with that said, my two cents is: 'recharter'. Regards, Paul ___________________________ Paul Judge, Ph.D. Candidate Georgia Tech judge@cc.gatech.edu From thardjono@yahoo.com Wed Dec 11 22:20:43 2002 From: thardjono@yahoo.com (Thomas Hardjono) Date: Wed, 11 Dec 2002 17:20:43 -0500 Subject: [IETF-IDRM] Re: [IDRM] Disband or recharter IDRM? In-Reply-To: References: <5.0.0.25.2.20021211122647.02e1d4a8@pop.mail.yahoo.com> Message-ID: <5.0.0.25.2.20021211171455.037ff890@pop.mail.yahoo.com> Hi Paul, At 12/11/2002||04:21 PM, Paul Judge wrote: >On Wed, 11 Dec 2002, Thomas Hardjono wrote: > > > > Right. So one of the notions we put forward in the IETF was: is it at all > > possible to create "open-source DRM technologies", so that small > > mom-and-pop publishers need not pay $$$ for proprietary solutions. The > > analogy is that with Linux and the Apache webserver, which are available > > for around $30. > > Another useful comparison in the RSA encryption algorithm, which is good > > technology, well understood, standardized and now finally over the patent > > hurdle. > >I think that this is a reasonable strategy and a worthy goal. We were >working on some content protection architectures here that have very >similiar motivations. An open-source standards-based DRM system would >enable the small content providers as well as provide an alternative to >multiple proprietary formats and systems. I like the term "content protection architectures", a term which has come-up several times in some IETF discussions regarding suitable areas for the IETF. > > >On a philosophical level then, I say there is a need for smart people to > > >build workable DRM that citizens can live with. > > > > > >The point issue of this technical group's mandate is much clearer IMO. The > > >core > > >technology challenges for DRM are terminal node challenges, not network > > >challenges. Sure, a network is usually involved, but DRM is nothing > special > > >for the network. DRM's basic network needs are nothing harder than > > >http/https over tcp/ip. And the terminal mode challenges are largely about > > >things like tamper-resistance, which are proprietary and not very amenable > > >to > > >standardization. It's not something where an IETF group adds much value. > > > > Right. This is where the word "DRM" is I think a misnomer for the IETF > > efforts. You are absolutely right, that DRM is indeed "terminal node > > challenges" (ie. development of rights-enforcing terminals), which is not > > the traditional area of work for the IETF. > > > > However, there some network issues that is part of what I call the "DRM > > macrocosm", which included functions relating to look-ups, secure network > > storage, transaction clearinghouse, etc. These would appear to be suitable > > for work items in the IETF. > >The way that I've been thinking about this is that DRM tries to solve >three problems: 1) secure distribution/conditional access, 2) protected >storage, and 3) output protection. True, #3 is largely about 'terminal >node challenges', but #1 and #2 largely include distribution architectures >and supporting systems. I believe that there is room in these areas for >IETF work. Right, absolutely. #1 and #2 are in fact in the purview of the IETF. A possible #4 could be "look-up" technologies, such as the Handle system or similar systems implementing object-identifiers (like DOI). Also needed is the management of meta-data, which may not always be stored with or accompany the protected data/content. > > Thus, one possible change to IDRM is a new name that is less likely to be > > controversial. > >Couldn't hurt. Even if it doesn't reduce the controversy, it may reduce >the confusion since DRM is such an overloaded term. If the focus becomes >protected distribution and protected storage areas, then how about a name >to describe that as opposed to the output protection area. Agree. Perhaps something like "content protection" or "information rights" could reduce the number of reporters in the room :) > >>3) Find specific technical problems that are obstacles to good (i.e. > >>effective but not Orwellian) DRM, which are going begging, and in scope, > >>and work on solutions. > >> > >>I don't have a top-of-mind suggestion for #3, but it sounds like the >most > >>fun! > > >>Yes, the keyword is "fun". Perhaps others on the list may have specific > >>suggestions? > >based on what i've worked on before, there are a few things that come to >mind. there are a few components that must exist in a protected >distribution/storage environment: secure content objects, content object >importation system, ACL servers (1 that assigns rights and 1 that can be >used to lookup rights based on a user, role, or object), authorization >protocols, etc. > >with that said, my two cents is: 'recharter'. Great! I agree. cheers, thomas ------ >Regards, >Paul > >___________________________ >Paul Judge, Ph.D. Candidate >Georgia Tech >judge@cc.gatech.edu > > > > > >_______________________________________________ >ietf-idrm mailing list >ietf-idrm@idrm.org >http://www.pairlist.net/mailman/listinfo/ietf-idrm From thardjono@yahoo.com Wed Dec 11 22:08:34 2002 From: thardjono@yahoo.com (Thomas Hardjono) Date: Wed, 11 Dec 2002 17:08:34 -0500 Subject: [IETF-IDRM] Re: [IDRM] Disband or recharter IDRM? In-Reply-To: <01db01c2a152$3a453700$0400a8c0@sympatico.ca> References: <1qcd67$jd0h@halt-in.cisco.com> <5.0.0.25.2.20021211122647.02e1d4a8@pop.mail.yahoo.com> Message-ID: <5.0.0.25.2.20021211165941.0332bf98@vhqpostal3.verisign.com> At 12/11/2002||03:16 PM, Gord Larose wrote: >Hi Thomas, >Thanks for the feedback and update. At a high level I agree with you >completely. > >However, at a technical level, "Open source DRM" makes my brain hurt. It's >hard enough hide anything in BINARY inside a PC; but like it or not, that's >one thing DRM has to do. I should know... the NetActive technology I was >largely responsible for addresses exactly that problem. That technology has >never, to my knowledge, been publicly cracked... but I doubt that would have >been true if we'd published the source ! Yes, I agree: "open source DRM" makes my brain hurt too :) However, this seems to be the only way to provide an alternative to proprietary technology. In many cases, perhaps the mom-and-pop "publisher" does not need 100% hack-proof DRM (maybe not even 90% hack-proof), but enough to discourage non-technical people from trying to break it. >And from a business perspective, Mom & Pop businesses already have >inexpensive, low-end protection technologies available e.g. from >third-party software TBYB wrappers, or via, say, Windows Media Player DRM. >The obstacles are more about complexity, churn, supplier viability, trust, >and branding, than about cost or availability. Hmm, I'm not sure I follow here. WMP is only for certain types of contents (e.g. not books, newspapers, newletters, etc). >So we'd have to be careful about what the values of such a system were... if >we could figure out how it would work ! > >Here's an entertaining thought: suppose we emphasize TRUST and CONTINUITY. >Maybe we could even subvert Palladium and the Fritz Chip to nobler ends ? >i.e. a system that WILL, in some sense, robustly protect content, but WILL >NOT - as a matter of the supplier's policy - do any of the things that >consumers and libertarians rightly fear ? And a further benefit of an >open-source (that may not be the right term, maybe "distributed ownership" >is better) model could be the continuing availability of the solution e.g. >Red Hat may die, but Linux won't. OK, so this is a *very* interesting question. These are the types of questions that needs to be discussed in a open forum and where pieces of it can be standardized (the way many pieces of Linux has been standardized). cheers, thomas ------ >I'm not sure how to do this, but maybe we could figure it out ! > >Cheers, > Gord 8-) > > > >----- Original Message ----- >From: "Thomas Hardjono" >To: ; >Sent: Wednesday, December 11, 2002 12:55 PM >Subject: Re: [IDRM] Disband or recharter IDRM? > > > > > > Gord, > > > > I agree with most of your comments. Judging from the "emotional outcry" we > > received at the last IDRM meeting (Salt Lake City IETF, end of 2001), DRM > > seems to mean different things to different people. > > > > > > At 12/11/2002||09:23 AM, Gord Larose wrote: > > >Hello: > > > Most of you on the list will not know me, as I came in during your >period > > >of dormancy. I too have been mulling these issues, as the DRM company >that > > >I helped found (NetActive) struggled like most others in the space. > > > > > >I think there are two classes of issues here - the social-advocacy ones > > >and the technical ones. > > > > > >The social-advocacy issues are horribly subjective. The concerns were > > >well expressed in Mark's email, and we could spend thousands of words > > >debating them. For what it > > >is worth, I believe that DRM is not philosophically wrong, and further, >that > > >it is commercially necessary. However, I do not believe that the current > > >"axis of greed" between Hollywood and Washington serves the best >interests > > >of American citizens and, as a Canadian, I am very concerned about the > > >United States' efforts to impose its draconian views of copyright > > >enforcement on the rest of the world. > > > Good DRM does not have to put Big Brother on your hard drive. If it >does, > > >then the price is too high. > > > > Right. So one of the notions we put forward in the IETF was: is it at all > > possible to create "open-source DRM technologies", so that small > > mom-and-pop publishers need not pay $$$ for proprietary solutions. The > > analogy is that with Linux and the Apache webserver, which are available > > for around $30. > > Another useful comparison in the RSA encryption algorithm, which is good > > technology, well understood, standardized and now finally over the patent > > hurdle. > > > > I realize that some folks take the (radical) position of being against any > > development of DRM technology whatsoever. The best way to ensure Big > > Brother does not happen is to go against any work relating to DRM. The > > reality is that DRM Technology is here to stay (proprietary), whether we > > like it or not. It will ship inside PCs and in consumer electronics > > devices. I think such a position actually helps the Big Brother syndrome, > > as it does not provide an option to the general public as to alternative > > sources of technology. > > > > > > > > >On a philosophical level then, I say there is a need for smart people to > > >build workable DRM that citizens can live with. > > > > > >The point issue of this technical group's mandate is much clearer IMO. >The > > >core > > >technology challenges for DRM are terminal node challenges, not network > > >challenges. Sure, a network is usually involved, but DRM is nothing >special > > >for the network. DRM's basic network needs are nothing harder than > > >http/https over tcp/ip. And the terminal mode challenges are largely >about > > >things like tamper-resistance, which are proprietary and not very >amenable > > >to > > >standardization. It's not something where an IETF group adds much value. > > > > Right. This is where the word "DRM" is I think a misnomer for the IETF > > efforts. You are absolutely right, that DRM is indeed "terminal node > > challenges" (ie. development of rights-enforcing terminals), which is not > > the traditional area of work for the IETF. > > > > However, there some network issues that is part of what I call the "DRM > > macrocosm", which included functions relating to look-ups, secure network > > storage, transaction clearinghouse, etc. These would appear to be >suitable > > for work items in the IETF. > > > > Thus, one possible change to IDRM is a new name that is less likely to be > > controversial. > > > > > > > > >So where does that leave the group ? Seems to me the options include: > > >1) disband > > >2) generalize the focus to a multidisciplinary one, along the lines of > > >http://www.bcdforum.org . (Though I have to confess I find that >organization > > >lacking substance.) > > >3) Find specific technical problems that are obstacles to good (i.e. > > >effective but not Orwellian) DRM, which are going begging, and in scope, > > >and work on solutions. > > > > > >I don't have a top-of-mind suggestion for #3, but it sounds like the most > > >fun! > > > > Yes, the keyword is "fun". Perhaps others on the list may have specific > > suggestions? > > > > cheers, > > > > thomas > > ------ > > > > > > > > > > > > >Other thoughts ??? > > > > > >Best Regards, > > > Gord Larose > > > > > >----- Original Message ----- > > >From: "Mark Baugher" > > >To: > > >Cc: ; "Vern Paxson" > > >Sent: Tuesday, December 10, 2002 6:43 PM > > >Subject: [IDRM] Disband or recharter IDRM? > > > > > > > IDRM has obviously been dormant for about a year. > > > >SNIP< > > From Isabelle.Theisen@unistudios.com Wed Dec 11 22:48:19 2002 From: Isabelle.Theisen@unistudios.com (Theisen, Isabelle) Date: Wed, 11 Dec 2002 14:48:19 -0800 Subject: [IETF-IDRM] RE: [IDRM] Disband or recharter IDRM? Message-ID: Please, I do not have a business need for these emails. Please, remove from the list. -----Original Message----- From: Thomas Hardjono [mailto:thardjono@yahoo.com] Sent: Wednesday, December 11, 2002 2:09 PM To: Gord Larose Cc: ietf-idrm@lists.elistx.com Subject: Re: [IDRM] Disband or recharter IDRM? At 12/11/2002||03:16 PM, Gord Larose wrote: >Hi Thomas, >Thanks for the feedback and update. At a high level I agree with you >completely. > >However, at a technical level, "Open source DRM" makes my brain hurt. It's >hard enough hide anything in BINARY inside a PC; but like it or not, that's >one thing DRM has to do. I should know... the NetActive technology I was >largely responsible for addresses exactly that problem. That technology has >never, to my knowledge, been publicly cracked... but I doubt that would have >been true if we'd published the source ! Yes, I agree: "open source DRM" makes my brain hurt too :) However, this seems to be the only way to provide an alternative to proprietary technology. In many cases, perhaps the mom-and-pop "publisher" does not need 100% hack-proof DRM (maybe not even 90% hack-proof), but enough to discourage non-technical people from trying to break it. >And from a business perspective, Mom & Pop businesses already have >inexpensive, low-end protection technologies available e.g. from >third-party software TBYB wrappers, or via, say, Windows Media Player DRM. >The obstacles are more about complexity, churn, supplier viability, trust, >and branding, than about cost or availability. Hmm, I'm not sure I follow here. WMP is only for certain types of contents (e.g. not books, newspapers, newletters, etc). >So we'd have to be careful about what the values of such a system were... if >we could figure out how it would work ! > >Here's an entertaining thought: suppose we emphasize TRUST and CONTINUITY. >Maybe we could even subvert Palladium and the Fritz Chip to nobler ends ? >i.e. a system that WILL, in some sense, robustly protect content, but WILL >NOT - as a matter of the supplier's policy - do any of the things that >consumers and libertarians rightly fear ? And a further benefit of an >open-source (that may not be the right term, maybe "distributed ownership" >is better) model could be the continuing availability of the solution e.g. >Red Hat may die, but Linux won't. OK, so this is a *very* interesting question. These are the types of questions that needs to be discussed in a open forum and where pieces of it can be standardized (the way many pieces of Linux has been standardized). cheers, thomas ------ >I'm not sure how to do this, but maybe we could figure it out ! > >Cheers, > Gord 8-) > > > >----- Original Message ----- >From: "Thomas Hardjono" >To: ; >Sent: Wednesday, December 11, 2002 12:55 PM >Subject: Re: [IDRM] Disband or recharter IDRM? > > > > > > Gord, > > > > I agree with most of your comments. Judging from the "emotional outcry" we > > received at the last IDRM meeting (Salt Lake City IETF, end of 2001), DRM > > seems to mean different things to different people. > > > > > > At 12/11/2002||09:23 AM, Gord Larose wrote: > > >Hello: > > > Most of you on the list will not know me, as I came in during your >period > > >of dormancy. I too have been mulling these issues, as the DRM company >that > > >I helped found (NetActive) struggled like most others in the space. > > > > > >I think there are two classes of issues here - the social-advocacy ones > > >and the technical ones. > > > > > >The social-advocacy issues are horribly subjective. The concerns were > > >well expressed in Mark's email, and we could spend thousands of words > > >debating them. For what it > > >is worth, I believe that DRM is not philosophically wrong, and further, >that > > >it is commercially necessary. However, I do not believe that the current > > >"axis of greed" between Hollywood and Washington serves the best >interests > > >of American citizens and, as a Canadian, I am very concerned about the > > >United States' efforts to impose its draconian views of copyright > > >enforcement on the rest of the world. > > > Good DRM does not have to put Big Brother on your hard drive. If it >does, > > >then the price is too high. > > > > Right. So one of the notions we put forward in the IETF was: is it at all > > possible to create "open-source DRM technologies", so that small > > mom-and-pop publishers need not pay $$$ for proprietary solutions. The > > analogy is that with Linux and the Apache webserver, which are available > > for around $30. > > Another useful comparison in the RSA encryption algorithm, which is good > > technology, well understood, standardized and now finally over the patent > > hurdle. > > > > I realize that some folks take the (radical) position of being against any > > development of DRM technology whatsoever. The best way to ensure Big > > Brother does not happen is to go against any work relating to DRM. The > > reality is that DRM Technology is here to stay (proprietary), whether we > > like it or not. It will ship inside PCs and in consumer electronics > > devices. I think such a position actually helps the Big Brother syndrome, > > as it does not provide an option to the general public as to alternative > > sources of technology. > > > > > > > > >On a philosophical level then, I say there is a need for smart people to > > >build workable DRM that citizens can live with. > > > > > >The point issue of this technical group's mandate is much clearer IMO. >The > > >core > > >technology challenges for DRM are terminal node challenges, not network > > >challenges. Sure, a network is usually involved, but DRM is nothing >special > > >for the network. DRM's basic network needs are nothing harder than > > >http/https over tcp/ip. And the terminal mode challenges are largely >about > > >things like tamper-resistance, which are proprietary and not very >amenable > > >to > > >standardization. It's not something where an IETF group adds much value. > > > > Right. This is where the word "DRM" is I think a misnomer for the IETF > > efforts. You are absolutely right, that DRM is indeed "terminal node > > challenges" (ie. development of rights-enforcing terminals), which is not > > the traditional area of work for the IETF. > > > > However, there some network issues that is part of what I call the "DRM > > macrocosm", which included functions relating to look-ups, secure network > > storage, transaction clearinghouse, etc. These would appear to be >suitable > > for work items in the IETF. > > > > Thus, one possible change to IDRM is a new name that is less likely to be > > controversial. > > > > > > > > >So where does that leave the group ? Seems to me the options include: > > >1) disband > > >2) generalize the focus to a multidisciplinary one, along the lines of > > >http://www.bcdforum.org . (Though I have to confess I find that >organization > > >lacking substance.) > > >3) Find specific technical problems that are obstacles to good (i.e. > > >effective but not Orwellian) DRM, which are going begging, and in scope, > > >and work on solutions. > > > > > >I don't have a top-of-mind suggestion for #3, but it sounds like the most > > >fun! > > > > Yes, the keyword is "fun". Perhaps others on the list may have specific > > suggestions? > > > > cheers, > > > > thomas > > ------ > > > > > > > > > > > > >Other thoughts ??? > > > > > >Best Regards, > > > Gord Larose > > > > > >----- Original Message ----- > > >From: "Mark Baugher" > > >To: > > >Cc: ; "Vern Paxson" > > >Sent: Tuesday, December 10, 2002 6:43 PM > > >Subject: [IDRM] Disband or recharter IDRM? > > > > > > > IDRM has obviously been dormant for about a year. > > > >SNIP< > > From PaulLambert@AirgoNetworks.Com Wed Dec 11 22:57:32 2002 From: PaulLambert@AirgoNetworks.Com (Paul Lambert) Date: Wed, 11 Dec 2002 14:57:32 -0800 Subject: [IETF-IDRM] RE: [IDRM] Disband or recharter IDRM? Message-ID: <3FFBC907DD03A34CA4410C5C745DEB12E7A178@wnimail.woodsidenet.com> > Please, I do not have a business need for these emails.=20 Perhaps no one has a business reason for this committee and it should= be disbanded.=20 Business reasons for a specific technology does not guarentee that th= ere is any reason for an open interoperable standard. Paul > -----Original Message----- > From: Theisen, Isabelle [mailto:Isabelle.Theisen@unistudios.com] > Sent: Wednesday, December 11, 2002 2:48 PM > To: 'Thomas Hardjono'; 'ietf-idrm@lists.elistx.com'; > 'glarose@info-mech.com'; 'mbaugher@cisco.com' > Subject: RE: [IDRM] Disband or recharter IDRM? >=20 >=20 > Please, I do not have a business need for these emails.=20 > Please, remove from the list. >=20 >=20 > -----Original Message----- > From: Thomas Hardjono [mailto:thardjono@yahoo.com] > Sent: Wednesday, December 11, 2002 2:09 PM > To: Gord Larose > Cc: ietf-idrm@lists.elistx.com > Subject: Re: [IDRM] Disband or recharter IDRM? >=20 >=20 > At 12/11/2002||03:16 PM, Gord Larose wrote: > >Hi Thomas, > >Thanks for the feedback and update. At a high level I agree with y= ou > >completely. > > > >However, at a technical level, "Open source DRM" makes my=20 > brain hurt. It's > >hard enough hide anything in BINARY inside a PC; but like it=20 > or not, that's > >one thing DRM has to do. I should know... the NetActive=20 > technology I was > >largely responsible for addresses exactly that problem. That=20 > technology has > >never, to my knowledge, been publicly cracked... but I doubt=20 > that would have > >been true if we'd published the source ! >=20 > Yes, I agree: "open source DRM" makes my brain hurt too :) =20 > However, this=20 > seems to be the only way to provide an alternative to proprietary= =20 > technology. In many cases, perhaps the mom-and-pop=20 > "publisher" does not=20 > need 100% hack-proof DRM (maybe not even 90% hack-proof), but=20 > enough to=20 > discourage non-technical people from trying to break it. >=20 >=20 > >And from a business perspective, Mom & Pop businesses already have > >inexpensive, low-end protection technologies available e.g. from > >third-party software TBYB wrappers, or via, say, Windows=20 > Media Player DRM. > >The obstacles are more about complexity, churn, supplier=20 > viability, trust, > >and branding, than about cost or availability. >=20 > Hmm, I'm not sure I follow here. WMP is only for certain=20 > types of contents=20 > (e.g. not books, newspapers, newletters, etc). >=20 >=20 >=20 > >So we'd have to be careful about what the values of such a=20 > system were... if > >we could figure out how it would work ! > > > >Here's an entertaining thought: suppose we emphasize TRUST=20 > and CONTINUITY. > >Maybe we could even subvert Palladium and the Fritz Chip to=20 > nobler ends ? > >i.e. a system that WILL, in some sense, robustly protect=20 > content, but WILL > >NOT - as a matter of the supplier's policy - do any of the=20 > things that > >consumers and libertarians rightly fear ? And a further benefit of= an > >open-source (that may not be the right term, maybe=20 > "distributed ownership" > >is better) model could be the continuing availability of the=20 > solution e.g. > >Red Hat may die, but Linux won't. >=20 >=20 > OK, so this is a *very* interesting question. These are the types = of=20 > questions that needs to be discussed in a open forum and=20 > where pieces of it=20 > can be standardized (the way many pieces of Linux has been=20 > standardized). >=20 > cheers, >=20 > thomas > ------ >=20 >=20 >=20 > >I'm not sure how to do this, but maybe we could figure it out ! > > > >Cheers, > > Gord 8-) > > > > > > > >----- Original Message ----- > >From: "Thomas Hardjono" > >To: ; > >Sent: Wednesday, December 11, 2002 12:55 PM > >Subject: Re: [IDRM] Disband or recharter IDRM? > > > > > > > > > > Gord, > > > > > > I agree with most of your comments. Judging from the=20 > "emotional outcry" we > > > received at the last IDRM meeting (Salt Lake City IETF,=20 > end of 2001), DRM > > > seems to mean different things to different people. > > > > > > > > > At 12/11/2002||09:23 AM, Gord Larose wrote: > > > >Hello: > > > > Most of you on the list will not know me, as I came=20 > in during your > >period > > > >of dormancy. I too have been mulling these issues, as=20 > the DRM company > >that > > > >I helped found (NetActive) struggled like most others in=20 > the space. > > > > > > > >I think there are two classes of issues here - the=20 > social-advocacy ones > > > >and the technical ones. > > > > > > > >The social-advocacy issues are horribly subjective. The=20 > concerns were > > > >well expressed in Mark's email, and we could spend=20 > thousands of words > > > >debating them. For what it > > > >is worth, I believe that DRM is not philosophically=20 > wrong, and further, > >that > > > >it is commercially necessary. However, I do not believe=20 > that the current > > > >"axis of greed" between Hollywood and Washington serves the be= st > >interests > > > >of American citizens and, as a Canadian, I am very=20 > concerned about the > > > >United States' efforts to impose its draconian views of copyri= ght > > > >enforcement on the rest of the world. > > > > Good DRM does not have to put Big Brother on your hard=20 > drive. If it > >does, > > > >then the price is too high. > > > > > > Right. So one of the notions we put forward in the IETF=20 > was: is it at all > > > possible to create "open-source DRM technologies", so that smal= l > > > mom-and-pop publishers need not pay $$$ for proprietary=20 > solutions. The > > > analogy is that with Linux and the Apache webserver,=20 > which are available > > > for around $30. > > > Another useful comparison in the RSA encryption=20 > algorithm, which is good > > > technology, well understood, standardized and now finally=20 > over the patent > > > hurdle. > > > > > > I realize that some folks take the (radical) position of=20 > being against any > > > development of DRM technology whatsoever. The best way=20 > to ensure Big > > > Brother does not happen is to go against any work=20 > relating to DRM. The > > > reality is that DRM Technology is here to stay=20 > (proprietary), whether we > > > like it or not. It will ship inside PCs and in consumer=20 > electronics > > > devices. I think such a position actually helps the Big=20 > Brother syndrome, > > > as it does not provide an option to the general public as=20 > to alternative > > > sources of technology. > > > > > > > > > > > > >On a philosophical level then, I say there is a need for=20 > smart people to > > > >build workable DRM that citizens can live with. > > > > > > > >The point issue of this technical group's mandate is=20 > much clearer IMO. > >The > > > >core > > > >technology challenges for DRM are terminal node=20 > challenges, not network > > > >challenges. Sure, a network is usually involved, but DRM=20 > is nothing > >special > > > >for the network. DRM's basic network needs are nothing=20 > harder than > > > >http/https over tcp/ip. And the terminal mode challenges=20 > are largely > >about > > > >things like tamper-resistance, which are proprietary and not v= ery > >amenable > > > >to > > > >standardization. It's not something where an IETF group=20 > adds much value. > > > > > > Right. This is where the word "DRM" is I think a=20 > misnomer for the IETF > > > efforts. You are absolutely right, that DRM is indeed=20 > "terminal node > > > challenges" (ie. development of rights-enforcing=20 > terminals), which is not > > > the traditional area of work for the IETF. > > > > > > However, there some network issues that is part of what I=20 > call the "DRM > > > macrocosm", which included functions relating to=20 > look-ups, secure network > > > storage, transaction clearinghouse, etc. These would appear to= be > >suitable > > > for work items in the IETF. > > > > > > Thus, one possible change to IDRM is a new name that is=20 > less likely to be > > > controversial. > > > > > > > > > > > > >So where does that leave the group ? Seems to me the=20 > options include: > > > >1) disband > > > >2) generalize the focus to a multidisciplinary one,=20 > along the lines of > > > >http://www.bcdforum.org . (Though I have to confess I find tha= t > >organization > > > >lacking substance.) > > > >3) Find specific technical problems that are obstacles=20 > to good (i.e. > > > >effective but not Orwellian) DRM, which are going=20 > begging, and in scope, > > > >and work on solutions. > > > > > > > >I don't have a top-of-mind suggestion for #3, but it=20 > sounds like the most > > > >fun! > > > > > > Yes, the keyword is "fun". Perhaps others on the list=20 > may have specific > > > suggestions? > > > > > > cheers, > > > > > > thomas > > > ------ > > > > > > > > > > > > > > > > > > >Other thoughts ??? > > > > > > > >Best Regards, > > > > Gord Larose > > > > > > > >----- Original Message ----- > > > >From: "Mark Baugher" > > > >To: > > > >Cc: ; "Vern Paxson" > > > >Sent: Tuesday, December 10, 2002 6:43 PM > > > >Subject: [IDRM] Disband or recharter IDRM? > > > > > > > > > IDRM has obviously been dormant for about a year. > > > > >SNIP< > > > >=20 From thardjono@yahoo.com Wed Dec 11 22:37:51 2002 From: thardjono@yahoo.com (Thomas Hardjono) Date: Wed, 11 Dec 2002 17:37:51 -0500 Subject: [IETF-IDRM] RE: [IDRM] Disband or recharter IDRM? In-Reply-To: <839BE2CA5177D3119C7000508B11F5DB01EBEA03@dagobah.parc.xero x.com> Message-ID: <5.0.0.25.2.20021211173145.01977ed0@vhqpostal3.verisign.com> Hi Jessica, At 12/11/2002||01:56 PM, staddon@parc.com wrote: >I've only joined the mailing list recently and am still a bit fuzzy on the >goals of IRTF working groups in general. That's fine: we're all rather fuzzy as the group has been dormant for over a year:) >That said, I think there are a number of interesting areas in which new >(crypto) technology is needed and that could be taken up as part of Gord's >option #3. One easy example if copy protection for digital tv. Perhaps the >group could recommend approaches that allow for normal use (e.g. the >ability to view recorded programs on any of a user's players) but make >large-scale piracy difficult. This seems like a topic that falls into the "terminal protection" area, ala MPEG4-IPMP. In fact, I think its is the goal of many PVR makers to ensure that this function is available and difficult to copy. Many also want to provide "mobility" of content, meaning that the user can easily move content from one tamper-proof storage to another (but never to the user's PC). >In addition, with the activity around microbroadcasters this past summer, >there also seems to be a need for technology that can better measure the >audience size of content distributors. Such technology could potentially >protect small distributors by keeping their licensing fees low but still >be fair DRM-wise (Rob Johnson and I did some work in this area but I think >there's still much to be done). Actually, this is an issue that no one has brought-up in the IETF, but would be of interest to folks in the IETF who do traffic shaping and traffic management. cheers, thomas ------ >These are very much off the top of my head and I'm sure there are more and >better candidates. In any case, I would like to see the group resume activity. > >Jessica Staddon > >-----Original Message----- >From: Paul Judge [mailto:judge@cc.gatech.edu] >Sent: Wednesday, December 11, 2002 1:21 PM >To: Thomas Hardjono >Cc: glarose@info-mech.com; ietf-idrm@lists.elistx.com >Subject: Re: [IDRM] Disband or recharter IDRM? > > > >On Wed, 11 Dec 2002, Thomas Hardjono wrote: > > > > Right. So one of the notions we put forward in the IETF was: is it at all > > possible to create "open-source DRM technologies", so that small > > mom-and-pop publishers need not pay $$$ for proprietary solutions. The > > analogy is that with Linux and the Apache webserver, which are available > > for around $30. > > Another useful comparison in the RSA encryption algorithm, which is good > > technology, well understood, standardized and now finally over the patent > > hurdle. > >I think that this is a reasonable strategy and a worthy goal. We were >working on some content protection architectures here that have very >similiar motivations. An open-source standards-based DRM system would >enable the small content providers as well as provide an alternative to >multiple proprietary formats and systems. > > > >On a philosophical level then, I say there is a need for smart people to > > >build workable DRM that citizens can live with. > > > > > >The point issue of this technical group's mandate is much clearer IMO. The > > >core > > >technology challenges for DRM are terminal node challenges, not network > > >challenges. Sure, a network is usually involved, but DRM is nothing > special > > >for the network. DRM's basic network needs are nothing harder than > > >http/https over tcp/ip. And the terminal mode challenges are largely about > > >things like tamper-resistance, which are proprietary and not very amenable > > >to > > >standardization. It's not something where an IETF group adds much value. > > > > Right. This is where the word "DRM" is I think a misnomer for the IETF > > efforts. You are absolutely right, that DRM is indeed "terminal node > > challenges" (ie. development of rights-enforcing terminals), which is not > > the traditional area of work for the IETF. > > > > However, there some network issues that is part of what I call the "DRM > > macrocosm", which included functions relating to look-ups, secure network > > storage, transaction clearinghouse, etc. These would appear to be suitable > > for work items in the IETF. > >The way that I've been thinking about this is that DRM tries to solve >three problems: 1) secure distribution/conditional access, 2) protected >storage, and 3) output protection. True, #3 is largely about 'terminal >node challenges', but #1 and #2 largely include distribution architectures >and supporting systems. I believe that there is room in these areas for >IETF work. > > > Thus, one possible change to IDRM is a new name that is less likely to be > > controversial. > >Couldn't hurt. Even if it doesn't reduce the controversy, it may reduce >the confusion since DRM is such an overloaded term. If the focus becomes >protected distribution and protected storage areas, then how about a name >to describe that as opposed to the output protection area. > > >>3) Find specific technical problems that are obstacles to good (i.e. > >>effective but not Orwellian) DRM, which are going begging, and in scope, > >>and work on solutions. > >> > >>I don't have a top-of-mind suggestion for #3, but it sounds like the >most > >>fun! > > >>Yes, the keyword is "fun". Perhaps others on the list may have specific > >>suggestions? > >based on what i've worked on before, there are a few things that come to >mind. there are a few components that must exist in a protected >distribution/storage environment: secure content objects, content object >importation system, ACL servers (1 that assigns rights and 1 that can be >used to lookup rights based on a user, role, or object), authorization >protocols, etc. > >with that said, my two cents is: 'recharter'. > >Regards, >Paul > >___________________________ >Paul Judge, Ph.D. Candidate >Georgia Tech >judge@cc.gatech.edu From thardjono@yahoo.com Wed Dec 11 23:07:46 2002 From: thardjono@yahoo.com (Thomas Hardjono) Date: Wed, 11 Dec 2002 18:07:46 -0500 Subject: [IETF-IDRM] RE: [IDRM] Disband or recharter IDRM? In-Reply-To: <3FFBC907DD03A34CA4410C5C745DEB12E7A178@wnimail.woodsidenet.com> Message-ID: <5.0.0.25.2.20021211180329.03c51e80@pop.mail.yahoo.com> Paul, Thanks for your input. We're trying to see if there needs to be a place for discussion regarding DRM-related issues. These discussion may or may not result in standards. I think there is a role for the IETF/IRTF in addressing some of the issues outlined earlier by Paul Judge. cheers, thomas ------ At 12/11/2002||02:57 PM, Paul Lambert wrote: > > Please, I do not have a business need for these emails. > >Perhaps no one has a business reason for this committee and it should be >disbanded. > >Business reasons for a specific technology does not guarentee that there >is any reason for an open interoperable standard. > > >Paul > > > -----Original Message----- > > From: Theisen, Isabelle [mailto:Isabelle.Theisen@unistudios.com] > > Sent: Wednesday, December 11, 2002 2:48 PM > > To: 'Thomas Hardjono'; 'ietf-idrm@lists.elistx.com'; > > 'glarose@info-mech.com'; 'mbaugher@cisco.com' > > Subject: RE: [IDRM] Disband or recharter IDRM? > > > > > > Please, I do not have a business need for these emails. > > Please, remove from the list. > > > > > > -----Original Message----- > > From: Thomas Hardjono [mailto:thardjono@yahoo.com] > > Sent: Wednesday, December 11, 2002 2:09 PM > > To: Gord Larose > > Cc: ietf-idrm@lists.elistx.com > > Subject: Re: [IDRM] Disband or recharter IDRM? > > > > > > At 12/11/2002||03:16 PM, Gord Larose wrote: > > >Hi Thomas, > > >Thanks for the feedback and update. At a high level I agree with you > > >completely. > > > > > >However, at a technical level, "Open source DRM" makes my > > brain hurt. It's > > >hard enough hide anything in BINARY inside a PC; but like it > > or not, that's > > >one thing DRM has to do. I should know... the NetActive > > technology I was > > >largely responsible for addresses exactly that problem. That > > technology has > > >never, to my knowledge, been publicly cracked... but I doubt > > that would have > > >been true if we'd published the source ! > > > > Yes, I agree: "open source DRM" makes my brain hurt too :) > > However, this > > seems to be the only way to provide an alternative to proprietary > > technology. In many cases, perhaps the mom-and-pop > > "publisher" does not > > need 100% hack-proof DRM (maybe not even 90% hack-proof), but > > enough to > > discourage non-technical people from trying to break it. > > > > > > >And from a business perspective, Mom & Pop businesses already have > > >inexpensive, low-end protection technologies available e.g. from > > >third-party software TBYB wrappers, or via, say, Windows > > Media Player DRM. > > >The obstacles are more about complexity, churn, supplier > > viability, trust, > > >and branding, than about cost or availability. > > > > Hmm, I'm not sure I follow here. WMP is only for certain > > types of contents > > (e.g. not books, newspapers, newletters, etc). > > > > > > > > >So we'd have to be careful about what the values of such a > > system were... if > > >we could figure out how it would work ! > > > > > >Here's an entertaining thought: suppose we emphasize TRUST > > and CONTINUITY. > > >Maybe we could even subvert Palladium and the Fritz Chip to > > nobler ends ? > > >i.e. a system that WILL, in some sense, robustly protect > > content, but WILL > > >NOT - as a matter of the supplier's policy - do any of the > > things that > > >consumers and libertarians rightly fear ? And a further benefit of an > > >open-source (that may not be the right term, maybe > > "distributed ownership" > > >is better) model could be the continuing availability of the > > solution e.g. > > >Red Hat may die, but Linux won't. > > > > > > OK, so this is a *very* interesting question. These are the types of > > questions that needs to be discussed in a open forum and > > where pieces of it > > can be standardized (the way many pieces of Linux has been > > standardized). > > > > cheers, > > > > thomas > > ------ > > > > > > > > >I'm not sure how to do this, but maybe we could figure it out ! > > > > > >Cheers, > > > Gord 8-) > > > > > > > > > > > >----- Original Message ----- > > >From: "Thomas Hardjono" > > >To: ; > > >Sent: Wednesday, December 11, 2002 12:55 PM > > >Subject: Re: [IDRM] Disband or recharter IDRM? > > > > > > > > > > > > > > Gord, > > > > > > > > I agree with most of your comments. Judging from the > > "emotional outcry" we > > > > received at the last IDRM meeting (Salt Lake City IETF, > > end of 2001), DRM > > > > seems to mean different things to different people. > > > > > > > > > > > > At 12/11/2002||09:23 AM, Gord Larose wrote: > > > > >Hello: > > > > > Most of you on the list will not know me, as I came > > in during your > > >period > > > > >of dormancy. I too have been mulling these issues, as > > the DRM company > > >that > > > > >I helped found (NetActive) struggled like most others in > > the space. > > > > > > > > > >I think there are two classes of issues here - the > > social-advocacy ones > > > > >and the technical ones. > > > > > > > > > >The social-advocacy issues are horribly subjective. The > > concerns were > > > > >well expressed in Mark's email, and we could spend > > thousands of words > > > > >debating them. For what it > > > > >is worth, I believe that DRM is not philosophically > > wrong, and further, > > >that > > > > >it is commercially necessary. However, I do not believe > > that the current > > > > >"axis of greed" between Hollywood and Washington serves the best > > >interests > > > > >of American citizens and, as a Canadian, I am very > > concerned about the > > > > >United States' efforts to impose its draconian views of copyright > > > > >enforcement on the rest of the world. > > > > > Good DRM does not have to put Big Brother on your hard > > drive. If it > > >does, > > > > >then the price is too high. > > > > > > > > Right. So one of the notions we put forward in the IETF > > was: is it at all > > > > possible to create "open-source DRM technologies", so that small > > > > mom-and-pop publishers need not pay $$$ for proprietary > > solutions. The > > > > analogy is that with Linux and the Apache webserver, > > which are available > > > > for around $30. > > > > Another useful comparison in the RSA encryption > > algorithm, which is good > > > > technology, well understood, standardized and now finally > > over the patent > > > > hurdle. > > > > > > > > I realize that some folks take the (radical) position of > > being against any > > > > development of DRM technology whatsoever. The best way > > to ensure Big > > > > Brother does not happen is to go against any work > > relating to DRM. The > > > > reality is that DRM Technology is here to stay > > (proprietary), whether we > > > > like it or not. It will ship inside PCs and in consumer > > electronics > > > > devices. I think such a position actually helps the Big > > Brother syndrome, > > > > as it does not provide an option to the general public as > > to alternative > > > > sources of technology. > > > > > > > > > > > > > > > > >On a philosophical level then, I say there is a need for > > smart people to > > > > >build workable DRM that citizens can live with. > > > > > > > > > >The point issue of this technical group's mandate is > > much clearer IMO. > > >The > > > > >core > > > > >technology challenges for DRM are terminal node > > challenges, not network > > > > >challenges. Sure, a network is usually involved, but DRM > > is nothing > > >special > > > > >for the network. DRM's basic network needs are nothing > > harder than > > > > >http/https over tcp/ip. And the terminal mode challenges > > are largely > > >about > > > > >things like tamper-resistance, which are proprietary and not very > > >amenable > > > > >to > > > > >standardization. It's not something where an IETF group > > adds much value. > > > > > > > > Right. This is where the word "DRM" is I think a > > misnomer for the IETF > > > > efforts. You are absolutely right, that DRM is indeed > > "terminal node > > > > challenges" (ie. development of rights-enforcing > > terminals), which is not > > > > the traditional area of work for the IETF. > > > > > > > > However, there some network issues that is part of what I > > call the "DRM > > > > macrocosm", which included functions relating to > > look-ups, secure network > > > > storage, transaction clearinghouse, etc. These would appear to be > > >suitable > > > > for work items in the IETF. > > > > > > > > Thus, one possible change to IDRM is a new name that is > > less likely to be > > > > controversial. > > > > > > > > > > > > > > > > >So where does that leave the group ? Seems to me the > > options include: > > > > >1) disband > > > > >2) generalize the focus to a multidisciplinary one, > > along the lines of > > > > >http://www.bcdforum.org . (Though I have to confess I find that > > >organization > > > > >lacking substance.) > > > > >3) Find specific technical problems that are obstacles > > to good (i.e. > > > > >effective but not Orwellian) DRM, which are going > > begging, and in scope, > > > > >and work on solutions. > > > > > > > > > >I don't have a top-of-mind suggestion for #3, but it > > sounds like the most > > > > >fun! > > > > > > > > Yes, the keyword is "fun". Perhaps others on the list > > may have specific > > > > suggestions? > > > > > > > > cheers, > > > > > > > > thomas > > > > ------ > > > > > > > > > > > > > > > > > > > > > > > > >Other thoughts ??? > > > > > > > > > >Best Regards, > > > > > Gord Larose > > > > > > > > > >----- Original Message ----- > > > > >From: "Mark Baugher" > > > > >To: > > > > >Cc: ; "Vern Paxson" > > > > >Sent: Tuesday, December 10, 2002 6:43 PM > > > > >Subject: [IDRM] Disband or recharter IDRM? > > > > > > > > > > > IDRM has obviously been dormant for about a year. > > > > > >SNIP< > > > > > > > >_______________________________________________ >ietf-idrm mailing list >ietf-idrm@idrm.org >http://www.pairlist.net/mailman/listinfo/ietf-idrm From mbaugher@cisco.com Wed Dec 11 23:06:05 2002 From: mbaugher@cisco.com (Mark Baugher) Date: Wed, 11 Dec 2002 15:06:05 -0800 Subject: [IETF-IDRM] RE: [IDRM] Disband or recharter IDRM? In-Reply-To: <839BE2CA5177D3119C7000508B11F5DB01EBEA03@dagobah.parc.xero x.com> Message-ID: <5.1.1.5.2.20021211144857.04974fe8@mira-sjc5-6.cisco.com> Jessica At 01:56 PM 12/11/2002 -0800, staddon@parc.com wrote: >I've only joined the mailing list recently and am still a bit fuzzy on the >goals of IRTF working groups in general. That said, I think there are a >number of interesting areas in which new (crypto) technology is needed and >that could be taken up as part of Gord's option #3. One easy example if >copy protection for digital tv. New cryptography can also be evaluated in the Crypto Forum Research Group (CFRG). >Perhaps the group could recommend approaches that allow for normal use >(e.g. the ability to view recorded programs on any of a user's players) >but make large-scale piracy difficult. I think that the opposite may be the case (viz. the darknet paper at http://crypto.stanford.edu/DRM2002/prog.html). I think setting up a peer-to-peer content trading node is a known amount of effort and cost (real expenses and/or opportunity cost). I think that the cost of illegal content trading, however, is too high for most consumers who are not college students. For the rest of us, very simple mechanisms should suffice. More complex mechanisms will force more people to darknet. >In addition, with the activity around microbroadcasters this past summer, >there also seems to be a need for technology that can better measure the >audience size of content distributors. Such technology could potentially >protect small distributors by keeping their licensing fees low but still >be fair DRM-wise (Rob Johnson and I did some work in this area but I think >there's still much to be done). I heard a presentation from some people at Yahoo! that asked for the same thing. >These are very much off the top of my head and I'm sure there are more and >better candidates. In any case, I would like to see the group resume activity. Thanks, Mark >Jessica Staddon > >-----Original Message----- >From: Paul Judge [mailto:judge@cc.gatech.edu] >Sent: Wednesday, December 11, 2002 1:21 PM >To: Thomas Hardjono >Cc: glarose@info-mech.com; ietf-idrm@lists.elistx.com >Subject: Re: [IDRM] Disband or recharter IDRM? > > > >On Wed, 11 Dec 2002, Thomas Hardjono wrote: > > > > Right. So one of the notions we put forward in the IETF was: is it at all > > possible to create "open-source DRM technologies", so that small > > mom-and-pop publishers need not pay $$$ for proprietary solutions. The > > analogy is that with Linux and the Apache webserver, which are available > > for around $30. > > Another useful comparison in the RSA encryption algorithm, which is good > > technology, well understood, standardized and now finally over the patent > > hurdle. > >I think that this is a reasonable strategy and a worthy goal. We were >working on some content protection architectures here that have very >similiar motivations. An open-source standards-based DRM system would >enable the small content providers as well as provide an alternative to >multiple proprietary formats and systems. > > > >On a philosophical level then, I say there is a need for smart people to > > >build workable DRM that citizens can live with. > > > > > >The point issue of this technical group's mandate is much clearer IMO. The > > >core > > >technology challenges for DRM are terminal node challenges, not network > > >challenges. Sure, a network is usually involved, but DRM is nothing > special > > >for the network. DRM's basic network needs are nothing harder than > > >http/https over tcp/ip. And the terminal mode challenges are largely about > > >things like tamper-resistance, which are proprietary and not very amenable > > >to > > >standardization. It's not something where an IETF group adds much value. > > > > Right. This is where the word "DRM" is I think a misnomer for the IETF > > efforts. You are absolutely right, that DRM is indeed "terminal node > > challenges" (ie. development of rights-enforcing terminals), which is not > > the traditional area of work for the IETF. > > > > However, there some network issues that is part of what I call the "DRM > > macrocosm", which included functions relating to look-ups, secure network > > storage, transaction clearinghouse, etc. These would appear to be suitable > > for work items in the IETF. > >The way that I've been thinking about this is that DRM tries to solve >three problems: 1) secure distribution/conditional access, 2) protected >storage, and 3) output protection. True, #3 is largely about 'terminal >node challenges', but #1 and #2 largely include distribution architectures >and supporting systems. I believe that there is room in these areas for >IETF work. > > > Thus, one possible change to IDRM is a new name that is less likely to be > > controversial. > >Couldn't hurt. Even if it doesn't reduce the controversy, it may reduce >the confusion since DRM is such an overloaded term. If the focus becomes >protected distribution and protected storage areas, then how about a name >to describe that as opposed to the output protection area. > > >>3) Find specific technical problems that are obstacles to good (i.e. > >>effective but not Orwellian) DRM, which are going begging, and in scope, > >>and work on solutions. > >> > >>I don't have a top-of-mind suggestion for #3, but it sounds like the >most > >>fun! > > >>Yes, the keyword is "fun". Perhaps others on the list may have specific > >>suggestions? > >based on what i've worked on before, there are a few things that come to >mind. there are a few components that must exist in a protected >distribution/storage environment: secure content objects, content object >importation system, ACL servers (1 that assigns rights and 1 that can be >used to lookup rights based on a user, role, or object), authorization >protocols, etc. > >with that said, my two cents is: 'recharter'. > >Regards, >Paul > >___________________________ >Paul Judge, Ph.D. Candidate >Georgia Tech >judge@cc.gatech.edu From mbaugher@cisco.com Wed Dec 11 23:22:27 2002 From: mbaugher@cisco.com (Mark Baugher) Date: Wed, 11 Dec 2002 15:22:27 -0800 Subject: [IETF-IDRM] RE: [IDRM] Disband or recharter IDRM? In-Reply-To: <3FFBC907DD03A34CA4410C5C745DEB12E7A178@wnimail.woodsidenet.com> Message-ID: <5.1.1.5.2.20021211151947.084878a8@mira-sjc5-6.cisco.com> At 02:57 PM 12/11/2002 -0800, Paul Lambert wrote: > > Please, I do not have a business need for these emails. > >Perhaps no one has a business reason for this committee and it should be >disbanded. Just so we are all on the same page, a stated "business reason" is not among the criteria used to establish and guide an Internet Research Task Force (IRTF) Research Group such as IDRM (ftp://ftp.rfc-editor.org/in-notes/rfc2014.txt) Mark >Business reasons for a specific technology does not guarentee that there >is any reason for an open interoperable standard. > > >Paul > > > -----Original Message----- > > From: Theisen, Isabelle [mailto:Isabelle.Theisen@unistudios.com] > > Sent: Wednesday, December 11, 2002 2:48 PM > > To: 'Thomas Hardjono'; 'ietf-idrm@lists.elistx.com'; > > 'glarose@info-mech.com'; 'mbaugher@cisco.com' > > Subject: RE: [IDRM] Disband or recharter IDRM? > > > > > > Please, I do not have a business need for these emails. > > Please, remove from the list. > > > > > > -----Original Message----- > > From: Thomas Hardjono [mailto:thardjono@yahoo.com] > > Sent: Wednesday, December 11, 2002 2:09 PM > > To: Gord Larose > > Cc: ietf-idrm@lists.elistx.com > > Subject: Re: [IDRM] Disband or recharter IDRM? > > > > > > At 12/11/2002||03:16 PM, Gord Larose wrote: > > >Hi Thomas, > > >Thanks for the feedback and update. At a high level I agree with you > > >completely. > > > > > >However, at a technical level, "Open source DRM" makes my > > brain hurt. It's > > >hard enough hide anything in BINARY inside a PC; but like it > > or not, that's > > >one thing DRM has to do. I should know... the NetActive > > technology I was > > >largely responsible for addresses exactly that problem. That > > technology has > > >never, to my knowledge, been publicly cracked... but I doubt > > that would have > > >been true if we'd published the source ! > > > > Yes, I agree: "open source DRM" makes my brain hurt too :) > > However, this > > seems to be the only way to provide an alternative to proprietary > > technology. In many cases, perhaps the mom-and-pop > > "publisher" does not > > need 100% hack-proof DRM (maybe not even 90% hack-proof), but > > enough to > > discourage non-technical people from trying to break it. > > > > > > >And from a business perspective, Mom & Pop businesses already have > > >inexpensive, low-end protection technologies available e.g. from > > >third-party software TBYB wrappers, or via, say, Windows > > Media Player DRM. > > >The obstacles are more about complexity, churn, supplier > > viability, trust, > > >and branding, than about cost or availability. > > > > Hmm, I'm not sure I follow here. WMP is only for certain > > types of contents > > (e.g. not books, newspapers, newletters, etc). > > > > > > > > >So we'd have to be careful about what the values of such a > > system were... if > > >we could figure out how it would work ! > > > > > >Here's an entertaining thought: suppose we emphasize TRUST > > and CONTINUITY. > > >Maybe we could even subvert Palladium and the Fritz Chip to > > nobler ends ? > > >i.e. a system that WILL, in some sense, robustly protect > > content, but WILL > > >NOT - as a matter of the supplier's policy - do any of the > > things that > > >consumers and libertarians rightly fear ? And a further benefit of an > > >open-source (that may not be the right term, maybe > > "distributed ownership" > > >is better) model could be the continuing availability of the > > solution e.g. > > >Red Hat may die, but Linux won't. > > > > > > OK, so this is a *very* interesting question. These are the types of > > questions that needs to be discussed in a open forum and > > where pieces of it > > can be standardized (the way many pieces of Linux has been > > standardized). > > > > cheers, > > > > thomas > > ------ > > > > > > > > >I'm not sure how to do this, but maybe we could figure it out ! > > > > > >Cheers, > > > Gord 8-) > > > > > > > > > > > >----- Original Message ----- > > >From: "Thomas Hardjono" > > >To: ; > > >Sent: Wednesday, December 11, 2002 12:55 PM > > >Subject: Re: [IDRM] Disband or recharter IDRM? > > > > > > > > > > > > > > Gord, > > > > > > > > I agree with most of your comments. Judging from the > > "emotional outcry" we > > > > received at the last IDRM meeting (Salt Lake City IETF, > > end of 2001), DRM > > > > seems to mean different things to different people. > > > > > > > > > > > > At 12/11/2002||09:23 AM, Gord Larose wrote: > > > > >Hello: > > > > > Most of you on the list will not know me, as I came > > in during your > > >period > > > > >of dormancy. I too have been mulling these issues, as > > the DRM company > > >that > > > > >I helped found (NetActive) struggled like most others in > > the space. > > > > > > > > > >I think there are two classes of issues here - the > > social-advocacy ones > > > > >and the technical ones. > > > > > > > > > >The social-advocacy issues are horribly subjective. The > > concerns were > > > > >well expressed in Mark's email, and we could spend > > thousands of words > > > > >debating them. For what it > > > > >is worth, I believe that DRM is not philosophically > > wrong, and further, > > >that > > > > >it is commercially necessary. However, I do not believe > > that the current > > > > >"axis of greed" between Hollywood and Washington serves the best > > >interests > > > > >of American citizens and, as a Canadian, I am very > > concerned about the > > > > >United States' efforts to impose its draconian views of copyright > > > > >enforcement on the rest of the world. > > > > > Good DRM does not have to put Big Brother on your hard > > drive. If it > > >does, > > > > >then the price is too high. > > > > > > > > Right. So one of the notions we put forward in the IETF > > was: is it at all > > > > possible to create "open-source DRM technologies", so that small > > > > mom-and-pop publishers need not pay $$$ for proprietary > > solutions. The > > > > analogy is that with Linux and the Apache webserver, > > which are available > > > > for around $30. > > > > Another useful comparison in the RSA encryption > > algorithm, which is good > > > > technology, well understood, standardized and now finally > > over the patent > > > > hurdle. > > > > > > > > I realize that some folks take the (radical) position of > > being against any > > > > development of DRM technology whatsoever. The best way > > to ensure Big > > > > Brother does not happen is to go against any work > > relating to DRM. The > > > > reality is that DRM Technology is here to stay > > (proprietary), whether we > > > > like it or not. It will ship inside PCs and in consumer > > electronics > > > > devices. I think such a position actually helps the Big > > Brother syndrome, > > > > as it does not provide an option to the general public as > > to alternative > > > > sources of technology. > > > > > > > > > > > > > > > > >On a philosophical level then, I say there is a need for > > smart people to > > > > >build workable DRM that citizens can live with. > > > > > > > > > >The point issue of this technical group's mandate is > > much clearer IMO. > > >The > > > > >core > > > > >technology challenges for DRM are terminal node > > challenges, not network > > > > >challenges. Sure, a network is usually involved, but DRM > > is nothing > > >special > > > > >for the network. DRM's basic network needs are nothing > > harder than > > > > >http/https over tcp/ip. And the terminal mode challenges > > are largely > > >about > > > > >things like tamper-resistance, which are proprietary and not very > > >amenable > > > > >to > > > > >standardization. It's not something where an IETF group > > adds much value. > > > > > > > > Right. This is where the word "DRM" is I think a > > misnomer for the IETF > > > > efforts. You are absolutely right, that DRM is indeed > > "terminal node > > > > challenges" (ie. development of rights-enforcing > > terminals), which is not > > > > the traditional area of work for the IETF. > > > > > > > > However, there some network issues that is part of what I > > call the "DRM > > > > macrocosm", which included functions relating to > > look-ups, secure network > > > > storage, transaction clearinghouse, etc. These would appear to be > > >suitable > > > > for work items in the IETF. > > > > > > > > Thus, one possible change to IDRM is a new name that is > > less likely to be > > > > controversial. > > > > > > > > > > > > > > > > >So where does that leave the group ? Seems to me the > > options include: > > > > >1) disband > > > > >2) generalize the focus to a multidisciplinary one, > > along the lines of > > > > >http://www.bcdforum.org . (Though I have to confess I find that > > >organization > > > > >lacking substance.) > > > > >3) Find specific technical problems that are obstacles > > to good (i.e. > > > > >effective but not Orwellian) DRM, which are going > > begging, and in scope, > > > > >and work on solutions. > > > > > > > > > >I don't have a top-of-mind suggestion for #3, but it > > sounds like the most > > > > >fun! > > > > > > > > Yes, the keyword is "fun". Perhaps others on the list > > may have specific > > > > suggestions? > > > > > > > > cheers, > > > > > > > > thomas > > > > ------ > > > > > > > > > > > > > > > > > > > > > > > > >Other thoughts ??? > > > > > > > > > >Best Regards, > > > > > Gord Larose > > > > > > > > > >----- Original Message ----- > > > > >From: "Mark Baugher" > > > > >To: > > > > >Cc: ; "Vern Paxson" > > > > >Sent: Tuesday, December 10, 2002 6:43 PM > > > > >Subject: [IDRM] Disband or recharter IDRM? > > > > > > > > > > > IDRM has obviously been dormant for about a year. > > > > > >SNIP< > > > > > > From mbaugher@cisco.com Wed Dec 11 23:27:09 2002 From: mbaugher@cisco.com (Mark Baugher) Date: Wed, 11 Dec 2002 15:27:09 -0800 Subject: [IETF-IDRM] RE: [IDRM] Disband or recharter IDRM? In-Reply-To: <5.0.0.25.2.20021211173145.01977ed0@vhqpostal3.verisign.com> References: <839BE2CA5177D3119C7000508B11F5DB01EBEA03@dagobah.parc.xero x.com> Message-ID: <5.1.1.5.2.20021211152520.08409590@mira-sjc5-6.cisco.com> hi Thomas At 05:37 PM 12/11/2002 -0500, Thomas Hardjono wrote: <...> >>In addition, with the activity around microbroadcasters this past summer, >>there also seems to be a need for technology that can better measure the >>audience size of content distributors. Such technology could potentially >>protect small distributors by keeping their licensing fees low but still >>be fair DRM-wise (Rob Johnson and I did some work in this area but I >>think there's still much to be done). > > >Actually, this is an issue that no one has brought-up in the IETF, but >would be of interest to folks in the IETF who do traffic shaping and >traffic management. I think it's a different critter than that: The application that Jessica cites is more like an interface to a clearinghouse Mark >cheers, > >thomas >------ > > >>These are very much off the top of my head and I'm sure there are more >>and better candidates. In any case, I would like to see the group resume >>activity. >> >>Jessica Staddon >> >>-----Original Message----- >>From: Paul Judge [mailto:judge@cc.gatech.edu] >>Sent: Wednesday, December 11, 2002 1:21 PM >>To: Thomas Hardjono >>Cc: glarose@info-mech.com; ietf-idrm@lists.elistx.com >>Subject: Re: [IDRM] Disband or recharter IDRM? >> >> >> >>On Wed, 11 Dec 2002, Thomas Hardjono wrote: >> > >> > Right. So one of the notions we put forward in the IETF was: is it at all >> > possible to create "open-source DRM technologies", so that small >> > mom-and-pop publishers need not pay $$$ for proprietary solutions. The >> > analogy is that with Linux and the Apache webserver, which are available >> > for around $30. >> > Another useful comparison in the RSA encryption algorithm, which is good >> > technology, well understood, standardized and now finally over the patent >> > hurdle. >> >>I think that this is a reasonable strategy and a worthy goal. We were >>working on some content protection architectures here that have very >>similiar motivations. An open-source standards-based DRM system would >>enable the small content providers as well as provide an alternative to >>multiple proprietary formats and systems. >> >> > >On a philosophical level then, I say there is a need for smart people to >> > >build workable DRM that citizens can live with. >> > > >> > >The point issue of this technical group's mandate is much clearer >> IMO. The >> > >core >> > >technology challenges for DRM are terminal node challenges, not network >> > >challenges. Sure, a network is usually involved, but DRM is nothing >> special >> > >for the network. DRM's basic network needs are nothing harder than >> > >http/https over tcp/ip. And the terminal mode challenges are largely >> about >> > >things like tamper-resistance, which are proprietary and not very >> amenable >> > >to >> > >standardization. It's not something where an IETF group adds much value. >> > >> > Right. This is where the word "DRM" is I think a misnomer for the IETF >> > efforts. You are absolutely right, that DRM is indeed "terminal node >> > challenges" (ie. development of rights-enforcing terminals), which is not >> > the traditional area of work for the IETF. >> > >> > However, there some network issues that is part of what I call the "DRM >> > macrocosm", which included functions relating to look-ups, secure network >> > storage, transaction clearinghouse, etc. These would appear to be >> suitable >> > for work items in the IETF. >> >>The way that I've been thinking about this is that DRM tries to solve >>three problems: 1) secure distribution/conditional access, 2) protected >>storage, and 3) output protection. True, #3 is largely about 'terminal >>node challenges', but #1 and #2 largely include distribution architectures >>and supporting systems. I believe that there is room in these areas for >>IETF work. >> >> > Thus, one possible change to IDRM is a new name that is less likely to be >> > controversial. >> >>Couldn't hurt. Even if it doesn't reduce the controversy, it may reduce >>the confusion since DRM is such an overloaded term. If the focus becomes >>protected distribution and protected storage areas, then how about a name >>to describe that as opposed to the output protection area. >> >> >>3) Find specific technical problems that are obstacles to good (i.e. >> >>effective but not Orwellian) DRM, which are going begging, and in scope, >> >>and work on solutions. >> >> >> >>I don't have a top-of-mind suggestion for #3, but it sounds like the >>most >> >>fun! >> >> >>Yes, the keyword is "fun". Perhaps others on the list may have specific >> >>suggestions? >> >>based on what i've worked on before, there are a few things that come to >>mind. there are a few components that must exist in a protected >>distribution/storage environment: secure content objects, content object >>importation system, ACL servers (1 that assigns rights and 1 that can be >>used to lookup rights based on a user, role, or object), authorization >>protocols, etc. >> >>with that said, my two cents is: 'recharter'. >> >>Regards, >>Paul >> >>___________________________ >>Paul Judge, Ph.D. Candidate >>Georgia Tech >>judge@cc.gatech.edu From lisarein@finetuning.com Thu Dec 12 00:38:56 2002 From: lisarein@finetuning.com (Lisa Rein) Date: Wed, 11 Dec 2002 16:38:56 -0800 Subject: [IETF-IDRM] Re: [IDRM] Disband or recharter IDRM? In-Reply-To: <3FFBC907DD03A34CA4410C5C745DEB12E7A178@wnimail.woodsidenet.com> References: <3FFBC907DD03A34CA4410C5C745DEB12E7A178@wnimail.woodsidenet.com> Message-ID: <3DF7DAA0.1020303@finetuning.com> Hi Paul, On the contrary. Business reasons for a specific technology are *exactly* what defines the need for an open interoperable standard. Thanks, Lisa Rein http://www.finetuning.com Paul Lambert wrote: > Perhaps no one has a business reason for this committee and it should be disbanded. > > Business reasons for a specific technology does not guarentee that there is any reason for an open interoperable standard. > > > Paul > > >>-----Original Message----- >>From: Theisen, Isabelle [mailto:Isabelle.Theisen@unistudios.com] >>Sent: Wednesday, December 11, 2002 2:48 PM >>To: 'Thomas Hardjono'; 'ietf-idrm@lists.elistx.com'; >>'glarose@info-mech.com'; 'mbaugher@cisco.com' >>Subject: RE: [IDRM] Disband or recharter IDRM? >> >> >>Please, I do not have a business need for these emails. >>Please, remove from the list. >> >> >>-----Original Message----- >>From: Thomas Hardjono [mailto:thardjono@yahoo.com] >>Sent: Wednesday, December 11, 2002 2:09 PM >>To: Gord Larose >>Cc: ietf-idrm@lists.elistx.com >>Subject: Re: [IDRM] Disband or recharter IDRM? >> >> >>At 12/11/2002||03:16 PM, Gord Larose wrote: >> >>>Hi Thomas, >>>Thanks for the feedback and update. At a high level I agree with you >>>completely. >>> >>>However, at a technical level, "Open source DRM" makes my >> >>brain hurt. It's >> >>>hard enough hide anything in BINARY inside a PC; but like it >> >>or not, that's >> >>>one thing DRM has to do. I should know... the NetActive >> >>technology I was >> >>>largely responsible for addresses exactly that problem. That >> >>technology has >> >>>never, to my knowledge, been publicly cracked... but I doubt >> >>that would have >> >>>been true if we'd published the source ! >> >>Yes, I agree: "open source DRM" makes my brain hurt too :) >>However, this >>seems to be the only way to provide an alternative to proprietary >>technology. In many cases, perhaps the mom-and-pop >>"publisher" does not >>need 100% hack-proof DRM (maybe not even 90% hack-proof), but >>enough to >>discourage non-technical people from trying to break it. >> >> >> >>>And from a business perspective, Mom & Pop businesses already have >>>inexpensive, low-end protection technologies available e.g. from >>>third-party software TBYB wrappers, or via, say, Windows >> >>Media Player DRM. >> >>>The obstacles are more about complexity, churn, supplier >> >>viability, trust, >> >>>and branding, than about cost or availability. >> >>Hmm, I'm not sure I follow here. WMP is only for certain >>types of contents >>(e.g. not books, newspapers, newletters, etc). >> >> >> >> >>>So we'd have to be careful about what the values of such a >> >>system were... if >> >>>we could figure out how it would work ! >>> >>>Here's an entertaining thought: suppose we emphasize TRUST >> >>and CONTINUITY. >> >>>Maybe we could even subvert Palladium and the Fritz Chip to >> >>nobler ends ? >> >>>i.e. a system that WILL, in some sense, robustly protect >> >>content, but WILL >> >>>NOT - as a matter of the supplier's policy - do any of the >> >>things that >> >>>consumers and libertarians rightly fear ? And a further benefit of an >>>open-source (that may not be the right term, maybe >> >>"distributed ownership" >> >>>is better) model could be the continuing availability of the >> >>solution e.g. >> >>>Red Hat may die, but Linux won't. >> >> >>OK, so this is a *very* interesting question. These are the types of >>questions that needs to be discussed in a open forum and >>where pieces of it >>can be standardized (the way many pieces of Linux has been >>standardized). >> >>cheers, >> >>thomas >>------ >> >> >> >> >>>I'm not sure how to do this, but maybe we could figure it out ! >>> >>>Cheers, >>> Gord 8-) >>> >>> >>> >>>----- Original Message ----- >>>From: "Thomas Hardjono" >>>To: ; >>>Sent: Wednesday, December 11, 2002 12:55 PM >>>Subject: Re: [IDRM] Disband or recharter IDRM? >>> >>> >>> >>>>Gord, >>>> >>>>I agree with most of your comments. Judging from the >> >>"emotional outcry" we >> >>>>received at the last IDRM meeting (Salt Lake City IETF, >> >>end of 2001), DRM >> >>>>seems to mean different things to different people. >>>> >>>> >>>>At 12/11/2002||09:23 AM, Gord Larose wrote: >>>> >>>>>Hello: >>>>> Most of you on the list will not know me, as I came >> >>in during your >> >>>period >>> >>>>>of dormancy. I too have been mulling these issues, as >> >>the DRM company >> >>>that >>> >>>>>I helped found (NetActive) struggled like most others in >> >>the space. >> >>>>>I think there are two classes of issues here - the >> >>social-advocacy ones >> >>>>>and the technical ones. >>>>> >>>>>The social-advocacy issues are horribly subjective. The >> >>concerns were >> >>>>>well expressed in Mark's email, and we could spend >> >>thousands of words >> >>>>>debating them. For what it >>>>>is worth, I believe that DRM is not philosophically >> >>wrong, and further, >> >>>that >>> >>>>>it is commercially necessary. However, I do not believe >> >>that the current >> >>>>>"axis of greed" between Hollywood and Washington serves the best >>> >>>interests >>> >>>>>of American citizens and, as a Canadian, I am very >> >>concerned about the >> >>>>>United States' efforts to impose its draconian views of copyright >>>>>enforcement on the rest of the world. >>>>> Good DRM does not have to put Big Brother on your hard >> >>drive. If it >> >>>does, >>> >>>>>then the price is too high. >>>> >>>>Right. So one of the notions we put forward in the IETF >> >>was: is it at all >> >>>>possible to create "open-source DRM technologies", so that small >>>>mom-and-pop publishers need not pay $$$ for proprietary >> >>solutions. The >> >>>>analogy is that with Linux and the Apache webserver, >> >>which are available >> >>>>for around $30. >>>>Another useful comparison in the RSA encryption >> >>algorithm, which is good >> >>>>technology, well understood, standardized and now finally >> >>over the patent >> >>>>hurdle. >>>> >>>>I realize that some folks take the (radical) position of >> >>being against any >> >>>>development of DRM technology whatsoever. The best way >> >>to ensure Big >> >>>>Brother does not happen is to go against any work >> >>relating to DRM. The >> >>>>reality is that DRM Technology is here to stay >> >>(proprietary), whether we >> >>>>like it or not. It will ship inside PCs and in consumer >> >>electronics >> >>>>devices. I think such a position actually helps the Big >> >>Brother syndrome, >> >>>>as it does not provide an option to the general public as >> >>to alternative >> >>>>sources of technology. >>>> >>>> >>>> >>>> >>>>>On a philosophical level then, I say there is a need for >> >>smart people to >> >>>>>build workable DRM that citizens can live with. >>>>> >>>>>The point issue of this technical group's mandate is >> >>much clearer IMO. >> >>>The >>> >>>>>core >>>>>technology challenges for DRM are terminal node >> >>challenges, not network >> >>>>>challenges. Sure, a network is usually involved, but DRM >> >>is nothing >> >>>special >>> >>>>>for the network. DRM's basic network needs are nothing >> >>harder than >> >>>>>http/https over tcp/ip. And the terminal mode challenges >> >>are largely >> >>>about >>> >>>>>things like tamper-resistance, which are proprietary and not very >>> >>>amenable >>> >>>>>to >>>>>standardization. It's not something where an IETF group >> >>adds much value. >> >>>>Right. This is where the word "DRM" is I think a >> >>misnomer for the IETF >> >>>>efforts. You are absolutely right, that DRM is indeed >> >>"terminal node >> >>>>challenges" (ie. development of rights-enforcing >> >>terminals), which is not >> >>>>the traditional area of work for the IETF. >>>> >>>>However, there some network issues that is part of what I >> >>call the "DRM >> >>>>macrocosm", which included functions relating to >> >>look-ups, secure network >> >>>>storage, transaction clearinghouse, etc. These would appear to be >>> >>>suitable >>> >>>>for work items in the IETF. >>>> >>>>Thus, one possible change to IDRM is a new name that is >> >>less likely to be >> >>>>controversial. >>>> >>>> >>>> >>>> >>>>>So where does that leave the group ? Seems to me the >> >>options include: >> >>>>>1) disband >>>>>2) generalize the focus to a multidisciplinary one, >> >>along the lines of >> >>>>>http://www.bcdforum.org . (Though I have to confess I find that >>> >>>organization >>> >>>>>lacking substance.) >>>>>3) Find specific technical problems that are obstacles >> >>to good (i.e. >> >>>>>effective but not Orwellian) DRM, which are going >> >>begging, and in scope, >> >>>>>and work on solutions. >>>>> >>>>>I don't have a top-of-mind suggestion for #3, but it >> >>sounds like the most >> >>>>>fun! >>>> >>>>Yes, the keyword is "fun". Perhaps others on the list >> >>may have specific >> >>>>suggestions? >>>> >>>>cheers, >>>> >>>>thomas >>>>------ >>>> >>>> >>>> >>>> >>>> >>>> >>>>>Other thoughts ??? >>>>> >>>>>Best Regards, >>>>> Gord Larose >>>>> >>>>>----- Original Message ----- >>>>>From: "Mark Baugher" >>>>>To: >>>>>Cc: ; "Vern Paxson" >>>>>Sent: Tuesday, December 10, 2002 6:43 PM >>>>>Subject: [IDRM] Disband or recharter IDRM? >>>>> >>>>> >>>>>>IDRM has obviously been dormant for about a year. >>>>>>SNIP< >>>> > > From rreeder@rightsline.com Thu Dec 12 00:53:54 2002 From: rreeder@rightsline.com (Russell P. Reeder) Date: Wed, 11 Dec 2002 16:53:54 -0800 Subject: [IETF-IDRM] RE: [IDRM] Disband or recharter IDRM? In-Reply-To: <3DF7DAA0.1020303@finetuning.com> Message-ID: I think you are all correct. Yes there is a need, but it is too complex right now to "nail down" any one standard. If Microsoft, Intertrust, IBM, VeriSign Real and Macrovision can't nail down any standards, then who are we to think we can? As my CTO says, "the best thing about standards is that there are so many of them". The key is to find a solution that is not only as secure as possible, but to ensure the delivery solution is interoperable to the existing enterprise applications these companies are using to track what they own so they can monetize their assets and create new business models. But remember, most businesses today, from Disney to Nike, are using Excel and Access or maybe a homegrown FoxPro application to manage what properties they can even deliver. The problem is not in the delivery, they can't even get their products to the loading dock. Russ _____________________________________________________________ Russell P. Reeder President & CEO RightsLine, Inc. 9100 Wilshire Blvd., Suite 520E Beverly Hills, CA 90212 Office 310-281-6434 Fax 310-281-6495 rreeder@rightsline.com -----Original Message----- From: Lisa Rein [mailto:lisarein@finetuning.com] Sent: Wednesday, December 11, 2002 4:39 PM To: Paul Lambert Cc: Theisen, Isabelle; Thomas Hardjono; ietf-idrm@lists.elistx.com; glarose@info-mech.com; mbaugher@cisco.com Subject: Re: [IDRM] Disband or recharter IDRM? Hi Paul, On the contrary. Business reasons for a specific technology are *exactly* what defines the need for an open interoperable standard. Thanks, Lisa Rein http://www.finetuning.com Paul Lambert wrote: > Perhaps no one has a business reason for this committee and it should be disbanded. > > Business reasons for a specific technology does not guarentee that there is any reason for an open interoperable standard. > > > Paul > > >>-----Original Message----- >>From: Theisen, Isabelle [mailto:Isabelle.Theisen@unistudios.com] >>Sent: Wednesday, December 11, 2002 2:48 PM >>To: 'Thomas Hardjono'; 'ietf-idrm@lists.elistx.com'; >>'glarose@info-mech.com'; 'mbaugher@cisco.com' >>Subject: RE: [IDRM] Disband or recharter IDRM? >> >> >>Please, I do not have a business need for these emails. >>Please, remove from the list. >> >> >>-----Original Message----- >>From: Thomas Hardjono [mailto:thardjono@yahoo.com] >>Sent: Wednesday, December 11, 2002 2:09 PM >>To: Gord Larose >>Cc: ietf-idrm@lists.elistx.com >>Subject: Re: [IDRM] Disband or recharter IDRM? >> >> >>At 12/11/2002||03:16 PM, Gord Larose wrote: >> >>>Hi Thomas, >>>Thanks for the feedback and update. At a high level I agree with you >>>completely. >>> >>>However, at a technical level, "Open source DRM" makes my >> >>brain hurt. It's >> >>>hard enough hide anything in BINARY inside a PC; but like it >> >>or not, that's >> >>>one thing DRM has to do. I should know... the NetActive >> >>technology I was >> >>>largely responsible for addresses exactly that problem. That >> >>technology has >> >>>never, to my knowledge, been publicly cracked... but I doubt >> >>that would have >> >>>been true if we'd published the source ! >> >>Yes, I agree: "open source DRM" makes my brain hurt too :) >>However, this >>seems to be the only way to provide an alternative to proprietary >>technology. In many cases, perhaps the mom-and-pop >>"publisher" does not >>need 100% hack-proof DRM (maybe not even 90% hack-proof), but >>enough to >>discourage non-technical people from trying to break it. >> >> >> >>>And from a business perspective, Mom & Pop businesses already have >>>inexpensive, low-end protection technologies available e.g. from >>>third-party software TBYB wrappers, or via, say, Windows >> >>Media Player DRM. >> >>>The obstacles are more about complexity, churn, supplier >> >>viability, trust, >> >>>and branding, than about cost or availability. >> >>Hmm, I'm not sure I follow here. WMP is only for certain >>types of contents >>(e.g. not books, newspapers, newletters, etc). >> >> >> >> >>>So we'd have to be careful about what the values of such a >> >>system were... if >> >>>we could figure out how it would work ! >>> >>>Here's an entertaining thought: suppose we emphasize TRUST >> >>and CONTINUITY. >> >>>Maybe we could even subvert Palladium and the Fritz Chip to >> >>nobler ends ? >> >>>i.e. a system that WILL, in some sense, robustly protect >> >>content, but WILL >> >>>NOT - as a matter of the supplier's policy - do any of the >> >>things that >> >>>consumers and libertarians rightly fear ? And a further benefit of an >>>open-source (that may not be the right term, maybe >> >>"distributed ownership" >> >>>is better) model could be the continuing availability of the >> >>solution e.g. >> >>>Red Hat may die, but Linux won't. >> >> >>OK, so this is a *very* interesting question. These are the types of >>questions that needs to be discussed in a open forum and >>where pieces of it >>can be standardized (the way many pieces of Linux has been >>standardized). >> >>cheers, >> >>thomas >>------ >> >> >> >> >>>I'm not sure how to do this, but maybe we could figure it out ! >>> >>>Cheers, >>> Gord 8-) >>> >>> >>> >>>----- Original Message ----- >>>From: "Thomas Hardjono" >>>To: ; >>>Sent: Wednesday, December 11, 2002 12:55 PM >>>Subject: Re: [IDRM] Disband or recharter IDRM? >>> >>> >>> >>>>Gord, >>>> >>>>I agree with most of your comments. Judging from the >> >>"emotional outcry" we >> >>>>received at the last IDRM meeting (Salt Lake City IETF, >> >>end of 2001), DRM >> >>>>seems to mean different things to different people. >>>> >>>> >>>>At 12/11/2002||09:23 AM, Gord Larose wrote: >>>> >>>>>Hello: >>>>> Most of you on the list will not know me, as I came >> >>in during your >> >>>period >>> >>>>>of dormancy. I too have been mulling these issues, as >> >>the DRM company >> >>>that >>> >>>>>I helped found (NetActive) struggled like most others in >> >>the space. >> >>>>>I think there are two classes of issues here - the >> >>social-advocacy ones >> >>>>>and the technical ones. >>>>> >>>>>The social-advocacy issues are horribly subjective. The >> >>concerns were >> >>>>>well expressed in Mark's email, and we could spend >> >>thousands of words >> >>>>>debating them. For what it >>>>>is worth, I believe that DRM is not philosophically >> >>wrong, and further, >> >>>that >>> >>>>>it is commercially necessary. However, I do not believe >> >>that the current >> >>>>>"axis of greed" between Hollywood and Washington serves the best >>> >>>interests >>> >>>>>of American citizens and, as a Canadian, I am very >> >>concerned about the >> >>>>>United States' efforts to impose its draconian views of copyright >>>>>enforcement on the rest of the world. >>>>> Good DRM does not have to put Big Brother on your hard >> >>drive. If it >> >>>does, >>> >>>>>then the price is too high. >>>> >>>>Right. So one of the notions we put forward in the IETF >> >>was: is it at all >> >>>>possible to create "open-source DRM technologies", so that small >>>>mom-and-pop publishers need not pay $$$ for proprietary >> >>solutions. The >> >>>>analogy is that with Linux and the Apache webserver, >> >>which are available >> >>>>for around $30. >>>>Another useful comparison in the RSA encryption >> >>algorithm, which is good >> >>>>technology, well understood, standardized and now finally >> >>over the patent >> >>>>hurdle. >>>> >>>>I realize that some folks take the (radical) position of >> >>being against any >> >>>>development of DRM technology whatsoever. The best way >> >>to ensure Big >> >>>>Brother does not happen is to go against any work >> >>relating to DRM. The >> >>>>reality is that DRM Technology is here to stay >> >>(proprietary), whether we >> >>>>like it or not. It will ship inside PCs and in consumer >> >>electronics >> >>>>devices. I think such a position actually helps the Big >> >>Brother syndrome, >> >>>>as it does not provide an option to the general public as >> >>to alternative >> >>>>sources of technology. >>>> >>>> >>>> >>>> >>>>>On a philosophical level then, I say there is a need for >> >>smart people to >> >>>>>build workable DRM that citizens can live with. >>>>> >>>>>The point issue of this technical group's mandate is >> >>much clearer IMO. >> >>>The >>> >>>>>core >>>>>technology challenges for DRM are terminal node >> >>challenges, not network >> >>>>>challenges. Sure, a network is usually involved, but DRM >> >>is nothing >> >>>special >>> >>>>>for the network. DRM's basic network needs are nothing >> >>harder than >> >>>>>http/https over tcp/ip. And the terminal mode challenges >> >>are largely >> >>>about >>> >>>>>things like tamper-resistance, which are proprietary and not very >>> >>>amenable >>> >>>>>to >>>>>standardization. It's not something where an IETF group >> >>adds much value. >> >>>>Right. This is where the word "DRM" is I think a >> >>misnomer for the IETF >> >>>>efforts. You are absolutely right, that DRM is indeed >> >>"terminal node >> >>>>challenges" (ie. development of rights-enforcing >> >>terminals), which is not >> >>>>the traditional area of work for the IETF. >>>> >>>>However, there some network issues that is part of what I >> >>call the "DRM >> >>>>macrocosm", which included functions relating to >> >>look-ups, secure network >> >>>>storage, transaction clearinghouse, etc. These would appear to be >>> >>>suitable >>> >>>>for work items in the IETF. >>>> >>>>Thus, one possible change to IDRM is a new name that is >> >>less likely to be >> >>>>controversial. >>>> >>>> >>>> >>>> >>>>>So where does that leave the group ? Seems to me the >> >>options include: >> >>>>>1) disband >>>>>2) generalize the focus to a multidisciplinary one, >> >>along the lines of >> >>>>>http://www.bcdforum.org . (Though I have to confess I find that >>> >>>organization >>> >>>>>lacking substance.) >>>>>3) Find specific technical problems that are obstacles >> >>to good (i.e. >> >>>>>effective but not Orwellian) DRM, which are going >> >>begging, and in scope, >> >>>>>and work on solutions. >>>>> >>>>>I don't have a top-of-mind suggestion for #3, but it >> >>sounds like the most >> >>>>>fun! >>>> >>>>Yes, the keyword is "fun". Perhaps others on the list >> >>may have specific >> >>>>suggestions? >>>> >>>>cheers, >>>> >>>>thomas >>>>------ >>>> >>>> >>>> >>>> >>>> >>>> >>>>>Other thoughts ??? >>>>> >>>>>Best Regards, >>>>> Gord Larose >>>>> >>>>>----- Original Message ----- >>>>>From: "Mark Baugher" >>>>>To: >>>>>Cc: ; "Vern Paxson" >>>>>Sent: Tuesday, December 10, 2002 6:43 PM >>>>>Subject: [IDRM] Disband or recharter IDRM? >>>>> >>>>> >>>>>>IDRM has obviously been dormant for about a year. >>>>>>SNIP< >>>> > > From PaulLambert@AirgoNetworks.Com Thu Dec 12 01:07:18 2002 From: PaulLambert@AirgoNetworks.Com (Paul Lambert) Date: Wed, 11 Dec 2002 17:07:18 -0800 Subject: [IETF-IDRM] RE: [IDRM] Disband or recharter IDRM? Message-ID: <3FFBC907DD03A34CA4410C5C745DEB12E7A17A@wnimail.woodsidenet.com> Yes ... there are business needs for DRM, but vendors that field DRM = solutions are not compelled to make them a 'open' standard. DRM, whe= n used for content protection is an exclusionary technology that prov= ides no incentive to create open standards. DRM is a very broad topic. The politically exciting areas of file sh= aring and 'protecting' audio or video content are not a good places t= o create a 'research group'. What you need is a business reason for groups to cooperate. DRM (fro= m content providers) forces a usage model on end-systems that does no= t expect or require cooperation. Proprietary and patented technologi= es are an advantage because they are harder to reverse engineer and t= he patents are part of licensing policies that protect the implementa= tions. An irtf research group should not be just a discussion forum. Real p= roblems should be solved. For a work area to be successful, the focus must be clear. There are= problems that could be solved by DRM-ish technologies. For example,= spam filters could be improved with 'digital rights management' tech= nologies. However, this type of work would be more focused and succe= ssful as an anti-spam research group than a DRM task. DRM is a very overloaded and heavily patented term. Fairly simple co= ncepts of key management and public key based signatures have been co= nverted into patented techniques for DRM. The identical techniques w= ere used for secure messaging in the late 80's. The patent issues al= one are a good reason to kill the working group and start specific fo= cused efforts on solving specific problems. =20 Paul > -----Original Message----- > From: Lisa Rein [mailto:lisarein@finetuning.com] > Sent: Wednesday, December 11, 2002 4:39 PM > To: Paul Lambert > Cc: Theisen, Isabelle; Thomas Hardjono; ietf-idrm@lists.elistx.com; > glarose@info-mech.com; mbaugher@cisco.com > Subject: Re: [IDRM] Disband or recharter IDRM? >=20 >=20 > Hi Paul, >=20 > On the contrary. Business reasons for a specific technology are= =20 > *exactly* what defines the need for an open interoperable standard. >=20 > Thanks, >=20 > Lisa Rein >=20 > http://www.finetuning.com >=20 > Paul Lambert wrote: >=20 > > Perhaps no one has a business reason for this committee and=20 > it should be disbanded.=20 > >=20 > > Business reasons for a specific technology does not=20 > guarentee that there is any reason for an open interoperable standa= rd. > >=20 > >=20 > > Paul > >=20 > >=20 > >>-----Original Message----- > >>From: Theisen, Isabelle [mailto:Isabelle.Theisen@unistudios.com] > >>Sent: Wednesday, December 11, 2002 2:48 PM > >>To: 'Thomas Hardjono'; 'ietf-idrm@lists.elistx.com'; > >>'glarose@info-mech.com'; 'mbaugher@cisco.com' > >>Subject: RE: [IDRM] Disband or recharter IDRM? > >> > >> > >>Please, I do not have a business need for these emails.=20 > >>Please, remove from the list. > >> > >> > >>-----Original Message----- > >>From: Thomas Hardjono [mailto:thardjono@yahoo.com] > >>Sent: Wednesday, December 11, 2002 2:09 PM > >>To: Gord Larose > >>Cc: ietf-idrm@lists.elistx.com > >>Subject: Re: [IDRM] Disband or recharter IDRM? > >> > >> > >>At 12/11/2002||03:16 PM, Gord Larose wrote: > >> > >>>Hi Thomas, > >>>Thanks for the feedback and update. At a high level I=20 > agree with you > >>>completely. > >>> > >>>However, at a technical level, "Open source DRM" makes my=20 > >> > >>brain hurt. It's > >> > >>>hard enough hide anything in BINARY inside a PC; but like it= =20 > >> > >>or not, that's > >> > >>>one thing DRM has to do. I should know... the NetActive=20 > >> > >>technology I was > >> > >>>largely responsible for addresses exactly that problem. That= =20 > >> > >>technology has > >> > >>>never, to my knowledge, been publicly cracked... but I doubt= =20 > >> > >>that would have > >> > >>>been true if we'd published the source ! > >> > >>Yes, I agree: "open source DRM" makes my brain hurt too :) =20 > >>However, this=20 > >>seems to be the only way to provide an alternative to proprietary= =20 > >>technology. In many cases, perhaps the mom-and-pop=20 > >>"publisher" does not=20 > >>need 100% hack-proof DRM (maybe not even 90% hack-proof), but= =20 > >>enough to=20 > >>discourage non-technical people from trying to break it. > >> > >> > >> > >>>And from a business perspective, Mom & Pop businesses already ha= ve > >>>inexpensive, low-end protection technologies available e.g. fro= m > >>>third-party software TBYB wrappers, or via, say, Windows=20 > >> > >>Media Player DRM. > >> > >>>The obstacles are more about complexity, churn, supplier=20 > >> > >>viability, trust, > >> > >>>and branding, than about cost or availability. > >> > >>Hmm, I'm not sure I follow here. WMP is only for certain=20 > >>types of contents=20 > >>(e.g. not books, newspapers, newletters, etc). > >> > >> > >> > >> > >>>So we'd have to be careful about what the values of such a=20 > >> > >>system were... if > >> > >>>we could figure out how it would work ! > >>> > >>>Here's an entertaining thought: suppose we emphasize TRUST=20 > >> > >>and CONTINUITY. > >> > >>>Maybe we could even subvert Palladium and the Fritz Chip to=20 > >> > >>nobler ends ? > >> > >>>i.e. a system that WILL, in some sense, robustly protect=20 > >> > >>content, but WILL > >> > >>>NOT - as a matter of the supplier's policy - do any of the= =20 > >> > >>things that > >> > >>>consumers and libertarians rightly fear ? And a further=20 > benefit of an > >>>open-source (that may not be the right term, maybe=20 > >> > >>"distributed ownership" > >> > >>>is better) model could be the continuing availability of the= =20 > >> > >>solution e.g. > >> > >>>Red Hat may die, but Linux won't. > >> > >> > >>OK, so this is a *very* interesting question. These are=20 > the types of=20 > >>questions that needs to be discussed in a open forum and=20 > >>where pieces of it=20 > >>can be standardized (the way many pieces of Linux has been=20 > >>standardized). > >> > >>cheers, > >> > >>thomas > >>------ > >> > >> > >> > >> > >>>I'm not sure how to do this, but maybe we could figure it out ! > >>> > >>>Cheers, > >>> Gord 8-) > >>> > >>> > >>> > >>>----- Original Message ----- > >>>From: "Thomas Hardjono" > >>>To: ; > >>>Sent: Wednesday, December 11, 2002 12:55 PM > >>>Subject: Re: [IDRM] Disband or recharter IDRM? > >>> > >>> > >>> > >>>>Gord, > >>>> > >>>>I agree with most of your comments. Judging from the=20 > >> > >>"emotional outcry" we > >> > >>>>received at the last IDRM meeting (Salt Lake City IETF,=20 > >> > >>end of 2001), DRM > >> > >>>>seems to mean different things to different people. > >>>> > >>>> > >>>>At 12/11/2002||09:23 AM, Gord Larose wrote: > >>>> > >>>>>Hello: > >>>>> Most of you on the list will not know me, as I came=20 > >> > >>in during your > >> > >>>period > >>> > >>>>>of dormancy. I too have been mulling these issues, as=20 > >> > >>the DRM company > >> > >>>that > >>> > >>>>>I helped found (NetActive) struggled like most others in=20 > >> > >>the space. > >> > >>>>>I think there are two classes of issues here - the=20 > >> > >>social-advocacy ones > >> > >>>>>and the technical ones. > >>>>> > >>>>>The social-advocacy issues are horribly subjective. The=20 > >> > >>concerns were > >> > >>>>>well expressed in Mark's email, and we could spend=20 > >> > >>thousands of words > >> > >>>>>debating them. For what it > >>>>>is worth, I believe that DRM is not philosophically=20 > >> > >>wrong, and further, > >> > >>>that > >>> > >>>>>it is commercially necessary. However, I do not believe=20 > >> > >>that the current > >> > >>>>>"axis of greed" between Hollywood and Washington serves the be= st > >>> > >>>interests > >>> > >>>>>of American citizens and, as a Canadian, I am very=20 > >> > >>concerned about the > >> > >>>>>United States' efforts to impose its draconian views of copyri= ght > >>>>>enforcement on the rest of the world. > >>>>> Good DRM does not have to put Big Brother on your hard=20 > >> > >>drive. If it > >> > >>>does, > >>> > >>>>>then the price is too high. > >>>> > >>>>Right. So one of the notions we put forward in the IETF=20 > >> > >>was: is it at all > >> > >>>>possible to create "open-source DRM technologies", so that smal= l > >>>>mom-and-pop publishers need not pay $$$ for proprietary=20 > >> > >>solutions. The > >> > >>>>analogy is that with Linux and the Apache webserver,=20 > >> > >>which are available > >> > >>>>for around $30. > >>>>Another useful comparison in the RSA encryption=20 > >> > >>algorithm, which is good > >> > >>>>technology, well understood, standardized and now finally=20 > >> > >>over the patent > >> > >>>>hurdle. > >>>> > >>>>I realize that some folks take the (radical) position of=20 > >> > >>being against any > >> > >>>>development of DRM technology whatsoever. The best way=20 > >> > >>to ensure Big > >> > >>>>Brother does not happen is to go against any work=20 > >> > >>relating to DRM. The > >> > >>>>reality is that DRM Technology is here to stay=20 > >> > >>(proprietary), whether we > >> > >>>>like it or not. It will ship inside PCs and in consumer=20 > >> > >>electronics > >> > >>>>devices. I think such a position actually helps the Big=20 > >> > >>Brother syndrome, > >> > >>>>as it does not provide an option to the general public as=20 > >> > >>to alternative > >> > >>>>sources of technology. > >>>> > >>>> > >>>> > >>>> > >>>>>On a philosophical level then, I say there is a need for=20 > >> > >>smart people to > >> > >>>>>build workable DRM that citizens can live with. > >>>>> > >>>>>The point issue of this technical group's mandate is=20 > >> > >>much clearer IMO. > >> > >>>The > >>> > >>>>>core > >>>>>technology challenges for DRM are terminal node=20 > >> > >>challenges, not network > >> > >>>>>challenges. Sure, a network is usually involved, but DRM=20 > >> > >>is nothing > >> > >>>special > >>> > >>>>>for the network. DRM's basic network needs are nothing=20 > >> > >>harder than > >> > >>>>>http/https over tcp/ip. And the terminal mode challenges=20 > >> > >>are largely > >> > >>>about > >>> > >>>>>things like tamper-resistance, which are proprietary and not v= ery > >>> > >>>amenable > >>> > >>>>>to > >>>>>standardization. It's not something where an IETF group=20 > >> > >>adds much value. > >> > >>>>Right. This is where the word "DRM" is I think a=20 > >> > >>misnomer for the IETF > >> > >>>>efforts. You are absolutely right, that DRM is indeed=20 > >> > >>"terminal node > >> > >>>>challenges" (ie. development of rights-enforcing=20 > >> > >>terminals), which is not > >> > >>>>the traditional area of work for the IETF. > >>>> > >>>>However, there some network issues that is part of what I=20 > >> > >>call the "DRM > >> > >>>>macrocosm", which included functions relating to=20 > >> > >>look-ups, secure network > >> > >>>>storage, transaction clearinghouse, etc. These would appear to= be > >>> > >>>suitable > >>> > >>>>for work items in the IETF. > >>>> > >>>>Thus, one possible change to IDRM is a new name that is=20 > >> > >>less likely to be > >> > >>>>controversial. > >>>> > >>>> > >>>> > >>>> > >>>>>So where does that leave the group ? Seems to me the=20 > >> > >>options include: > >> > >>>>>1) disband > >>>>>2) generalize the focus to a multidisciplinary one,=20 > >> > >>along the lines of > >> > >>>>>http://www.bcdforum.org . (Though I have to confess I find tha= t > >>> > >>>organization > >>> > >>>>>lacking substance.) > >>>>>3) Find specific technical problems that are obstacles=20 > >> > >>to good (i.e. > >> > >>>>>effective but not Orwellian) DRM, which are going=20 > >> > >>begging, and in scope, > >> > >>>>>and work on solutions. > >>>>> > >>>>>I don't have a top-of-mind suggestion for #3, but it=20 > >> > >>sounds like the most > >> > >>>>>fun! > >>>> > >>>>Yes, the keyword is "fun". Perhaps others on the list=20 > >> > >>may have specific > >> > >>>>suggestions? > >>>> > >>>>cheers, > >>>> > >>>>thomas > >>>>------ > >>>> > >>>> > >>>> > >>>> > >>>> > >>>> > >>>>>Other thoughts ??? > >>>>> > >>>>>Best Regards, > >>>>> Gord Larose > >>>>> > >>>>>----- Original Message ----- > >>>>>From: "Mark Baugher" > >>>>>To: > >>>>>Cc: ; "Vern Paxson" > >>>>>Sent: Tuesday, December 10, 2002 6:43 PM > >>>>>Subject: [IDRM] Disband or recharter IDRM? > >>>>> > >>>>> > >>>>>>IDRM has obviously been dormant for about a year. > >>>>>>SNIP< > >>>> > >=20 > >=20 >=20 >=20 From PaulLambert@AirgoNetworks.Com Thu Dec 12 01:16:42 2002 From: PaulLambert@AirgoNetworks.Com (Paul Lambert) Date: Wed, 11 Dec 2002 17:16:42 -0800 Subject: [IETF-IDRM] RE: [IDRM] Disband or recharter IDRM? Message-ID: <3FFBC907DD03A34CA4410C5C745DEB12E7A17B@wnimail.woodsidenet.com> > Just so we are all on the same page, a stated "business reason" is= not=20 > among the criteria used to establish and guide an Internet Research= Task=20 > Force (IRTF) Research Group such as IDRM=20 There needs to be some reason for the community at large to participa= te. =20 > Force (IRTF) Research Group such as IDRM=20 > (ftp://ftp.rfc-editor.org/in-notes/rfc2014.txt) Which says: The products of a Research Group are research results that may be disseminated by publication in scholarly journ= als and conferences, as white papers for the community, as Information= al RFCs, and so on. In addition, it is expected that technologies developed in a Research Group will be brought to the IETF as input= to IETF Working Group(s) for possible standardization. It does not say 'discussion forum'. What are the specific work produ= cts for this group? Paul > -----Original Message----- > From: Mark Baugher [mailto:mbaugher@cisco.com] > Sent: Wednesday, December 11, 2002 3:22 PM > To: Paul Lambert > Cc: ietf-idrm@lists.elistx.com > Subject: RE: [IDRM] Disband or recharter IDRM? >=20 >=20 > At 02:57 PM 12/11/2002 -0800, Paul Lambert wrote: >=20 > > > Please, I do not have a business need for these emails. > > > >Perhaps no one has a business reason for this committee and=20 > it should be=20 > >disbanded. >=20 > Just so we are all on the same page, a stated "business=20 > reason" is not=20 > among the criteria used to establish and guide an Internet=20 > Research Task=20 > Force (IRTF) Research Group such as IDRM=20 > (ftp://ftp.rfc-editor.org/in-notes/rfc2014.txt) >=20 > Mark >=20 >=20 > >Business reasons for a specific technology does not=20 > guarentee that there=20 > >is any reason for an open interoperable standard. > > > > > >Paul > > > > > -----Original Message----- > > > From: Theisen, Isabelle [mailto:Isabelle.Theisen@unistudios.com= ] > > > Sent: Wednesday, December 11, 2002 2:48 PM > > > To: 'Thomas Hardjono'; 'ietf-idrm@lists.elistx.com'; > > > 'glarose@info-mech.com'; 'mbaugher@cisco.com' > > > Subject: RE: [IDRM] Disband or recharter IDRM? > > > > > > > > > Please, I do not have a business need for these emails. > > > Please, remove from the list. > > > > > > > > > -----Original Message----- > > > From: Thomas Hardjono [mailto:thardjono@yahoo.com] > > > Sent: Wednesday, December 11, 2002 2:09 PM > > > To: Gord Larose > > > Cc: ietf-idrm@lists.elistx.com > > > Subject: Re: [IDRM] Disband or recharter IDRM? > > > > > > > > > At 12/11/2002||03:16 PM, Gord Larose wrote: > > > >Hi Thomas, > > > >Thanks for the feedback and update. At a high level I=20 > agree with you > > > >completely. > > > > > > > >However, at a technical level, "Open source DRM" makes my > > > brain hurt. It's > > > >hard enough hide anything in BINARY inside a PC; but like it > > > or not, that's > > > >one thing DRM has to do. I should know... the NetActive > > > technology I was > > > >largely responsible for addresses exactly that problem. That > > > technology has > > > >never, to my knowledge, been publicly cracked... but I doubt > > > that would have > > > >been true if we'd published the source ! > > > > > > Yes, I agree: "open source DRM" makes my brain hurt too :) > > > However, this > > > seems to be the only way to provide an alternative to proprieta= ry > > > technology. In many cases, perhaps the mom-and-pop > > > "publisher" does not > > > need 100% hack-proof DRM (maybe not even 90% hack-proof), but > > > enough to > > > discourage non-technical people from trying to break it. > > > > > > > > > >And from a business perspective, Mom & Pop businesses=20 > already have > > > >inexpensive, low-end protection technologies available e.g. f= rom > > > >third-party software TBYB wrappers, or via, say, Windows > > > Media Player DRM. > > > >The obstacles are more about complexity, churn, supplier > > > viability, trust, > > > >and branding, than about cost or availability. > > > > > > Hmm, I'm not sure I follow here. WMP is only for certain > > > types of contents > > > (e.g. not books, newspapers, newletters, etc). > > > > > > > > > > > > >So we'd have to be careful about what the values of such a > > > system were... if > > > >we could figure out how it would work ! > > > > > > > >Here's an entertaining thought: suppose we emphasize TRUST > > > and CONTINUITY. > > > >Maybe we could even subvert Palladium and the Fritz Chip to > > > nobler ends ? > > > >i.e. a system that WILL, in some sense, robustly protect > > > content, but WILL > > > >NOT - as a matter of the supplier's policy - do any of the > > > things that > > > >consumers and libertarians rightly fear ? And a further=20 > benefit of an > > > >open-source (that may not be the right term, maybe > > > "distributed ownership" > > > >is better) model could be the continuing availability of the > > > solution e.g. > > > >Red Hat may die, but Linux won't. > > > > > > > > > OK, so this is a *very* interesting question. These are=20 > the types of > > > questions that needs to be discussed in a open forum and > > > where pieces of it > > > can be standardized (the way many pieces of Linux has been > > > standardized). > > > > > > cheers, > > > > > > thomas > > > ------ > > > > > > > > > > > > >I'm not sure how to do this, but maybe we could figure it out = ! > > > > > > > >Cheers, > > > > Gord 8-) > > > > > > > > > > > > > > > >----- Original Message ----- > > > >From: "Thomas Hardjono" > > > >To: ; > > > >Sent: Wednesday, December 11, 2002 12:55 PM > > > >Subject: Re: [IDRM] Disband or recharter IDRM? > > > > > > > > > > > > > > > > > > Gord, > > > > > > > > > > I agree with most of your comments. Judging from the > > > "emotional outcry" we > > > > > received at the last IDRM meeting (Salt Lake City IETF, > > > end of 2001), DRM > > > > > seems to mean different things to different people. > > > > > > > > > > > > > > > At 12/11/2002||09:23