From thardjono@verisign.com Wed Dec 4 16:25:46 2002 From: thardjono@verisign.com (Thomas Hardjono) Date: Wed, 04 Dec 2002 11:25:46 -0500 Subject: [IETF-IDRM] test - ignore Message-ID: <5.0.0.25.2.20021204112529.027cf598@pop.mail.yahoo.com> test - ignore From mbaugher@cisco.com Tue Dec 10 23:43:00 2002 From: mbaugher@cisco.com (Mark Baugher) Date: Tue, 10 Dec 2002 15:43:00 -0800 Subject: [IETF-IDRM] [IDRM] Disband or recharter IDRM? Message-ID: <5.1.1.5.2.20021210153822.04a911e8@mira-sjc5-6.cisco.com> IDRM has obviously been dormant for about a year. Over the past year, many content-trading businesses and DRM technology vendors have failed. The movie studios are currently trying out Internet distribution while there is a buzz in the technical community about the irrelevance of DRM to internet entertainment. Nonetheless, DRM-based products are incubating at a few big software, entertainment, and consumer electronics companies; these will likely affect the Internet in years to come. The EFF and a few other public-interest groups have consistently raised important privacy and consumer rights issues related to aspects of DRM technology. Some of these concerns are echoed in the standards bodies. Although, MPEG and other organizations are standardizing interfaces to key management, licensing, and content-protection systems, IDRM has done little towards our original goals of investigating the affects of DRM technologies on Internet open-standards and the end-to-end model. Thomas, Sam Sun, Vern Paxson and I have been discussing the state and direction of IDRM for many months now. We have considered resuming our work despite the dissension that the very notion of DRM causes within the Internet community; we have also discussed re-chartering the group, as well as disbanding the group. We think that the right thing to do at this time is to open a discussion on this list. And we thought we would share with you just a few things that we have discussed up to this point. First, there are interoperability issues in DRM. Entertainment systems typically use licensed standards rather than open standards so the licensor can validate that the licensee addresses various concerns for content handling. When applied to the Internet, this tradition might foster proprietary protocols that diminish interoperability, increase complexity, discourage innovation and increase costs. For example, DVB simulcrypt interoperates with a great variety of key management protocols, which is good, but it is prohibitively expensive to introduce standardized key management in DVB systems, which is bad. Regardless of one's feelings toward DRM or content protection, open standards can mitigate some negative effects of this trend through standard interfaces to end systems. There are also general end-to-end issues that have a technology component. At the level of the global Internet, the DRM concerns raised by Internet music and movie trading are another case of one community (national, regional or virtual) wanting to assert control over how the Internet is used by others. DRM is closely related to privacy rights of individuals and groups, to the conflict between community standards and a global information infrastructure. There are some problems posed for the Internet end-to-end principle by the demand for controls by geographical regions or global industries. I doubt whether these problems have technical solutions but they may foster new technologies and standards, for better or worse, such a P3P. These technologies are of interest to the Internet community, and the IDRM RG could serve as a forum for them just as it could serve as a group that looks ahead towards new standards needed by applications that use content protection or DRM technologies. We can think of reasons, therefore, to keep the IDRM group functioning. But our list has been dormant and little work has been brought to the group over the past 18 months. We should consider these things as we consider what to do with IDRM. Mark From glarose@info-mech.com Wed Dec 11 14:23:00 2002 From: glarose@info-mech.com (Gord Larose) Date: Wed, 11 Dec 2002 09:23:00 -0500 Subject: [IETF-IDRM] Re: [IDRM] Disband or recharter IDRM? References: <1qcd67$jd0h@halt-in.cisco.com> Message-ID: <002001c2a120$cf33d060$0400a8c0@sympatico.ca> Hello: Most of you on the list will not know me, as I came in during your period of dormancy. I too have been mulling these issues, as the DRM company that I helped found (NetActive) struggled like most others in the space. I think there are two classes of issues here - the social-advocacy ones and the technical ones. The social-advocacy issues are horribly subjective. The concerns were well expressed in Mark's email, and we could spend thousands of words debating them. For what it is worth, I believe that DRM is not philosophically wrong, and further, that it is commercially necessary. However, I do not believe that the current "axis of greed" between Hollywood and Washington serves the best interests of American citizens and, as a Canadian, I am very concerned about the United States' efforts to impose its draconian views of copyright enforcement on the rest of the world. Good DRM does not have to put Big Brother on your hard drive. If it does, then the price is too high. On a philosophical level then, I say there is a need for smart people to build workable DRM that citizens can live with. The point issue of this technical group's mandate is much clearer IMO. The core technology challenges for DRM are terminal node challenges, not network challenges. Sure, a network is usually involved, but DRM is nothing special for the network. DRM's basic network needs are nothing harder than http/https over tcp/ip. And the terminal mode challenges are largely about things like tamper-resistance, which are proprietary and not very amenable to standardization. It's not something where an IETF group adds much value. So where does that leave the group ? Seems to me the options include: 1) disband 2) generalize the focus to a multidisciplinary one, along the lines of http://www.bcdforum.org . (Though I have to confess I find that organization lacking substance.) 3) Find specific technical problems that are obstacles to good (i.e. effective but not Orwellian) DRM, which are going begging, and in scope, and work on solutions. I don't have a top-of-mind suggestion for #3, but it sounds like the most fun! Other thoughts ??? Best Regards, Gord Larose ----- Original Message ----- From: "Mark Baugher" To: Cc: ; "Vern Paxson" Sent: Tuesday, December 10, 2002 6:43 PM Subject: [IDRM] Disband or recharter IDRM? > IDRM has obviously been dormant for about a year. >SNIP< From thardjono@verisign.com Wed Dec 11 17:55:15 2002 From: thardjono@verisign.com (Thomas Hardjono) Date: Wed, 11 Dec 2002 12:55:15 -0500 Subject: [IETF-IDRM] Re: [IDRM] Disband or recharter IDRM? In-Reply-To: <002001c2a120$cf33d060$0400a8c0@sympatico.ca> References: <1qcd67$jd0h@halt-in.cisco.com> Message-ID: <5.0.0.25.2.20021211122647.02e1d4a8@pop.mail.yahoo.com> Gord, I agree with most of your comments. Judging from the "emotional outcry" we received at the last IDRM meeting (Salt Lake City IETF, end of 2001), DRM seems to mean different things to different people. At 12/11/2002||09:23 AM, Gord Larose wrote: >Hello: > Most of you on the list will not know me, as I came in during your period >of dormancy. I too have been mulling these issues, as the DRM company that >I helped found (NetActive) struggled like most others in the space. > >I think there are two classes of issues here - the social-advocacy ones >and the technical ones. > >The social-advocacy issues are horribly subjective. The concerns were >well expressed in Mark's email, and we could spend thousands of words >debating them. For what it >is worth, I believe that DRM is not philosophically wrong, and further, that >it is commercially necessary. However, I do not believe that the current >"axis of greed" between Hollywood and Washington serves the best interests >of American citizens and, as a Canadian, I am very concerned about the >United States' efforts to impose its draconian views of copyright >enforcement on the rest of the world. > Good DRM does not have to put Big Brother on your hard drive. If it does, >then the price is too high. Right. So one of the notions we put forward in the IETF was: is it at all possible to create "open-source DRM technologies", so that small mom-and-pop publishers need not pay $$$ for proprietary solutions. The analogy is that with Linux and the Apache webserver, which are available for around $30. Another useful comparison in the RSA encryption algorithm, which is good technology, well understood, standardized and now finally over the patent hurdle. I realize that some folks take the (radical) position of being against any development of DRM technology whatsoever. The best way to ensure Big Brother does not happen is to go against any work relating to DRM. The reality is that DRM Technology is here to stay (proprietary), whether we like it or not. It will ship inside PCs and in consumer electronics devices. I think such a position actually helps the Big Brother syndrome, as it does not provide an option to the general public as to alternative sources of technology. >On a philosophical level then, I say there is a need for smart people to >build workable DRM that citizens can live with. > >The point issue of this technical group's mandate is much clearer IMO. The >core >technology challenges for DRM are terminal node challenges, not network >challenges. Sure, a network is usually involved, but DRM is nothing special >for the network. DRM's basic network needs are nothing harder than >http/https over tcp/ip. And the terminal mode challenges are largely about >things like tamper-resistance, which are proprietary and not very amenable >to >standardization. It's not something where an IETF group adds much value. Right. This is where the word "DRM" is I think a misnomer for the IETF efforts. You are absolutely right, that DRM is indeed "terminal node challenges" (ie. development of rights-enforcing terminals), which is not the traditional area of work for the IETF. However, there some network issues that is part of what I call the "DRM macrocosm", which included functions relating to look-ups, secure network storage, transaction clearinghouse, etc. These would appear to be suitable for work items in the IETF. Thus, one possible change to IDRM is a new name that is less likely to be controversial. >So where does that leave the group ? Seems to me the options include: >1) disband >2) generalize the focus to a multidisciplinary one, along the lines of >http://www.bcdforum.org . (Though I have to confess I find that organization >lacking substance.) >3) Find specific technical problems that are obstacles to good (i.e. >effective but not Orwellian) DRM, which are going begging, and in scope, >and work on solutions. > >I don't have a top-of-mind suggestion for #3, but it sounds like the most >fun! Yes, the keyword is "fun". Perhaps others on the list may have specific suggestions? cheers, thomas ------ >Other thoughts ??? > >Best Regards, > Gord Larose > >----- Original Message ----- >From: "Mark Baugher" >To: >Cc: ; "Vern Paxson" >Sent: Tuesday, December 10, 2002 6:43 PM >Subject: [IDRM] Disband or recharter IDRM? > > > IDRM has obviously been dormant for about a year. > >SNIP< From judge@cc.gatech.edu Wed Dec 11 21:21:28 2002 From: judge@cc.gatech.edu (Paul Judge) Date: Wed, 11 Dec 2002 16:21:28 -0500 (EST) Subject: [IETF-IDRM] Re: [IDRM] Disband or recharter IDRM? In-Reply-To: <5.0.0.25.2.20021211122647.02e1d4a8@pop.mail.yahoo.com> Message-ID: On Wed, 11 Dec 2002, Thomas Hardjono wrote: > > Right. So one of the notions we put forward in the IETF was: is it at all > possible to create "open-source DRM technologies", so that small > mom-and-pop publishers need not pay $$$ for proprietary solutions. The > analogy is that with Linux and the Apache webserver, which are available > for around $30. > Another useful comparison in the RSA encryption algorithm, which is good > technology, well understood, standardized and now finally over the patent > hurdle. I think that this is a reasonable strategy and a worthy goal. We were working on some content protection architectures here that have very similiar motivations. An open-source standards-based DRM system would enable the small content providers as well as provide an alternative to multiple proprietary formats and systems. > >On a philosophical level then, I say there is a need for smart people to > >build workable DRM that citizens can live with. > > > >The point issue of this technical group's mandate is much clearer IMO. The > >core > >technology challenges for DRM are terminal node challenges, not network > >challenges. Sure, a network is usually involved, but DRM is nothing special > >for the network. DRM's basic network needs are nothing harder than > >http/https over tcp/ip. And the terminal mode challenges are largely about > >things like tamper-resistance, which are proprietary and not very amenable > >to > >standardization. It's not something where an IETF group adds much value. > > Right. This is where the word "DRM" is I think a misnomer for the IETF > efforts. You are absolutely right, that DRM is indeed "terminal node > challenges" (ie. development of rights-enforcing terminals), which is not > the traditional area of work for the IETF. > > However, there some network issues that is part of what I call the "DRM > macrocosm", which included functions relating to look-ups, secure network > storage, transaction clearinghouse, etc. These would appear to be suitable > for work items in the IETF. The way that I've been thinking about this is that DRM tries to solve three problems: 1) secure distribution/conditional access, 2) protected storage, and 3) output protection. True, #3 is largely about 'terminal node challenges', but #1 and #2 largely include distribution architectures and supporting systems. I believe that there is room in these areas for IETF work. > Thus, one possible change to IDRM is a new name that is less likely to be > controversial. Couldn't hurt. Even if it doesn't reduce the controversy, it may reduce the confusion since DRM is such an overloaded term. If the focus becomes protected distribution and protected storage areas, then how about a name to describe that as opposed to the output protection area. >>3) Find specific technical problems that are obstacles to good (i.e. >>effective but not Orwellian) DRM, which are going begging, and in scope, >>and work on solutions. >> >>I don't have a top-of-mind suggestion for #3, but it sounds like the most >>fun! >>Yes, the keyword is "fun". Perhaps others on the list may have specific >>suggestions? based on what i've worked on before, there are a few things that come to mind. there are a few components that must exist in a protected distribution/storage environment: secure content objects, content object importation system, ACL servers (1 that assigns rights and 1 that can be used to lookup rights based on a user, role, or object), authorization protocols, etc. with that said, my two cents is: 'recharter'. Regards, Paul ___________________________ Paul Judge, Ph.D. Candidate Georgia Tech judge@cc.gatech.edu From staddon@parc.com Wed Dec 11 21:56:27 2002 From: staddon@parc.com (staddon@parc.com) Date: Wed, 11 Dec 2002 13:56:27 -0800 (PST) Subject: [IETF-IDRM] RE: [IDRM] Disband or recharter IDRM? Message-ID: <839BE2CA5177D3119C7000508B11F5DB01EBEA03@dagobah.parc.xerox.com> I've only joined the mailing list recently and am still a bit fuzzy on the goals of IRTF working groups in general. That said, I think there are a number of interesting areas in which new (crypto) technology is needed and that could be taken up as part of Gord's option #3. One easy example if copy protection for digital tv. Perhaps the group could recommend approaches that allow for normal use (e.g. the ability to view recorded programs on any of a user's players) but make large-scale piracy difficult. In addition, with the activity around microbroadcasters this past summer, there also seems to be a need for technology that can better measure the audience size of content distributors. Such technology could potentially protect small distributors by keeping their licensing fees low but still be fair DRM-wise (Rob Johnson and I did some work in this area but I think there's still much to be done). These are very much off the top of my head and I'm sure there are more and better candidates. In any case, I would like to see the group resume activity. Jessica Staddon -----Original Message----- From: Paul Judge [mailto:judge@cc.gatech.edu] Sent: Wednesday, December 11, 2002 1:21 PM To: Thomas Hardjono Cc: glarose@info-mech.com; ietf-idrm@lists.elistx.com Subject: Re: [IDRM] Disband or recharter IDRM? On Wed, 11 Dec 2002, Thomas Hardjono wrote: > > Right. So one of the notions we put forward in the IETF was: is it at all > possible to create "open-source DRM technologies", so that small > mom-and-pop publishers need not pay $$$ for proprietary solutions. The > analogy is that with Linux and the Apache webserver, which are available > for around $30. > Another useful comparison in the RSA encryption algorithm, which is good > technology, well understood, standardized and now finally over the patent > hurdle. I think that this is a reasonable strategy and a worthy goal. We were working on some content protection architectures here that have very similiar motivations. An open-source standards-based DRM system would enable the small content providers as well as provide an alternative to multiple proprietary formats and systems. > >On a philosophical level then, I say there is a need for smart people to > >build workable DRM that citizens can live with. > > > >The point issue of this technical group's mandate is much clearer IMO. The > >core > >technology challenges for DRM are terminal node challenges, not network > >challenges. Sure, a network is usually involved, but DRM is nothing special > >for the network. DRM's basic network needs are nothing harder than > >http/https over tcp/ip. And the terminal mode challenges are largely about > >things like tamper-resistance, which are proprietary and not very amenable > >to > >standardization. It's not something where an IETF group adds much value. > > Right. This is where the word "DRM" is I think a misnomer for the IETF > efforts. You are absolutely right, that DRM is indeed "terminal node > challenges" (ie. development of rights-enforcing terminals), which is not > the traditional area of work for the IETF. > > However, there some network issues that is part of what I call the "DRM > macrocosm", which included functions relating to look-ups, secure network > storage, transaction clearinghouse, etc. These would appear to be suitable > for work items in the IETF. The way that I've been thinking about this is that DRM tries to solve three problems: 1) secure distribution/conditional access, 2) protected storage, and 3) output protection. True, #3 is largely about 'terminal node challenges', but #1 and #2 largely include distribution architectures and supporting systems. I believe that there is room in these areas for IETF work. > Thus, one possible change to IDRM is a new name that is less likely to be > controversial. Couldn't hurt. Even if it doesn't reduce the controversy, it may reduce the confusion since DRM is such an overloaded term. If the focus becomes protected distribution and protected storage areas, then how about a name to describe that as opposed to the output protection area. >>3) Find specific technical problems that are obstacles to good (i.e. >>effective but not Orwellian) DRM, which are going begging, and in scope, >>and work on solutions. >> >>I don't have a top-of-mind suggestion for #3, but it sounds like the most >>fun! >>Yes, the keyword is "fun". Perhaps others on the list may have specific >>suggestions? based on what i've worked on before, there are a few things that come to mind. there are a few components that must exist in a protected distribution/storage environment: secure content objects, content object importation system, ACL servers (1 that assigns rights and 1 that can be used to lookup rights based on a user, role, or object), authorization protocols, etc. with that said, my two cents is: 'recharter'. Regards, Paul ___________________________ Paul Judge, Ph.D. Candidate Georgia Tech judge@cc.gatech.edu From thardjono@yahoo.com Wed Dec 11 22:20:43 2002 From: thardjono@yahoo.com (Thomas Hardjono) Date: Wed, 11 Dec 2002 17:20:43 -0500 Subject: [IETF-IDRM] Re: [IDRM] Disband or recharter IDRM? In-Reply-To: References: <5.0.0.25.2.20021211122647.02e1d4a8@pop.mail.yahoo.com> Message-ID: <5.0.0.25.2.20021211171455.037ff890@pop.mail.yahoo.com> Hi Paul, At 12/11/2002||04:21 PM, Paul Judge wrote: >On Wed, 11 Dec 2002, Thomas Hardjono wrote: > > > > Right. So one of the notions we put forward in the IETF was: is it at all > > possible to create "open-source DRM technologies", so that small > > mom-and-pop publishers need not pay $$$ for proprietary solutions. The > > analogy is that with Linux and the Apache webserver, which are available > > for around $30. > > Another useful comparison in the RSA encryption algorithm, which is good > > technology, well understood, standardized and now finally over the patent > > hurdle. > >I think that this is a reasonable strategy and a worthy goal. We were >working on some content protection architectures here that have very >similiar motivations. An open-source standards-based DRM system would >enable the small content providers as well as provide an alternative to >multiple proprietary formats and systems. I like the term "content protection architectures", a term which has come-up several times in some IETF discussions regarding suitable areas for the IETF. > > >On a philosophical level then, I say there is a need for smart people to > > >build workable DRM that citizens can live with. > > > > > >The point issue of this technical group's mandate is much clearer IMO. The > > >core > > >technology challenges for DRM are terminal node challenges, not network > > >challenges. Sure, a network is usually involved, but DRM is nothing > special > > >for the network. DRM's basic network needs are nothing harder than > > >http/https over tcp/ip. And the terminal mode challenges are largely about > > >things like tamper-resistance, which are proprietary and not very amenable > > >to > > >standardization. It's not something where an IETF group adds much value. > > > > Right. This is where the word "DRM" is I think a misnomer for the IETF > > efforts. You are absolutely right, that DRM is indeed "terminal node > > challenges" (ie. development of rights-enforcing terminals), which is not > > the traditional area of work for the IETF. > > > > However, there some network issues that is part of what I call the "DRM > > macrocosm", which included functions relating to look-ups, secure network > > storage, transaction clearinghouse, etc. These would appear to be suitable > > for work items in the IETF. > >The way that I've been thinking about this is that DRM tries to solve >three problems: 1) secure distribution/conditional access, 2) protected >storage, and 3) output protection. True, #3 is largely about 'terminal >node challenges', but #1 and #2 largely include distribution architectures >and supporting systems. I believe that there is room in these areas for >IETF work. Right, absolutely. #1 and #2 are in fact in the purview of the IETF. A possible #4 could be "look-up" technologies, such as the Handle system or similar systems implementing object-identifiers (like DOI). Also needed is the management of meta-data, which may not always be stored with or accompany the protected data/content. > > Thus, one possible change to IDRM is a new name that is less likely to be > > controversial. > >Couldn't hurt. Even if it doesn't reduce the controversy, it may reduce >the confusion since DRM is such an overloaded term. If the focus becomes >protected distribution and protected storage areas, then how about a name >to describe that as opposed to the output protection area. Agree. Perhaps something like "content protection" or "information rights" could reduce the number of reporters in the room :) > >>3) Find specific technical problems that are obstacles to good (i.e. > >>effective but not Orwellian) DRM, which are going begging, and in scope, > >>and work on solutions. > >> > >>I don't have a top-of-mind suggestion for #3, but it sounds like the >most > >>fun! > > >>Yes, the keyword is "fun". Perhaps others on the list may have specific > >>suggestions? > >based on what i've worked on before, there are a few things that come to >mind. there are a few components that must exist in a protected >distribution/storage environment: secure content objects, content object >importation system, ACL servers (1 that assigns rights and 1 that can be >used to lookup rights based on a user, role, or object), authorization >protocols, etc. > >with that said, my two cents is: 'recharter'. Great! I agree. cheers, thomas ------ >Regards, >Paul > >___________________________ >Paul Judge, Ph.D. Candidate >Georgia Tech >judge@cc.gatech.edu > > > > > >_______________________________________________ >ietf-idrm mailing list >ietf-idrm@idrm.org >http://www.pairlist.net/mailman/listinfo/ietf-idrm From thardjono@yahoo.com Wed Dec 11 22:08:34 2002 From: thardjono@yahoo.com (Thomas Hardjono) Date: Wed, 11 Dec 2002 17:08:34 -0500 Subject: [IETF-IDRM] Re: [IDRM] Disband or recharter IDRM? In-Reply-To: <01db01c2a152$3a453700$0400a8c0@sympatico.ca> References: <1qcd67$jd0h@halt-in.cisco.com> <5.0.0.25.2.20021211122647.02e1d4a8@pop.mail.yahoo.com> Message-ID: <5.0.0.25.2.20021211165941.0332bf98@vhqpostal3.verisign.com> At 12/11/2002||03:16 PM, Gord Larose wrote: >Hi Thomas, >Thanks for the feedback and update. At a high level I agree with you >completely. > >However, at a technical level, "Open source DRM" makes my brain hurt. It's >hard enough hide anything in BINARY inside a PC; but like it or not, that's >one thing DRM has to do. I should know... the NetActive technology I was >largely responsible for addresses exactly that problem. That technology has >never, to my knowledge, been publicly cracked... but I doubt that would have >been true if we'd published the source ! Yes, I agree: "open source DRM" makes my brain hurt too :) However, this seems to be the only way to provide an alternative to proprietary technology. In many cases, perhaps the mom-and-pop "publisher" does not need 100% hack-proof DRM (maybe not even 90% hack-proof), but enough to discourage non-technical people from trying to break it. >And from a business perspective, Mom & Pop businesses already have >inexpensive, low-end protection technologies available e.g. from >third-party software TBYB wrappers, or via, say, Windows Media Player DRM. >The obstacles are more about complexity, churn, supplier viability, trust, >and branding, than about cost or availability. Hmm, I'm not sure I follow here. WMP is only for certain types of contents (e.g. not books, newspapers, newletters, etc). >So we'd have to be careful about what the values of such a system were... if >we could figure out how it would work ! > >Here's an entertaining thought: suppose we emphasize TRUST and CONTINUITY. >Maybe we could even subvert Palladium and the Fritz Chip to nobler ends ? >i.e. a system that WILL, in some sense, robustly protect content, but WILL >NOT - as a matter of the supplier's policy - do any of the things that >consumers and libertarians rightly fear ? And a further benefit of an >open-source (that may not be the right term, maybe "distributed ownership" >is better) model could be the continuing availability of the solution e.g. >Red Hat may die, but Linux won't. OK, so this is a *very* interesting question. These are the types of questions that needs to be discussed in a open forum and where pieces of it can be standardized (the way many pieces of Linux has been standardized). cheers, thomas ------ >I'm not sure how to do this, but maybe we could figure it out ! > >Cheers, > Gord 8-) > > > >----- Original Message ----- >From: "Thomas Hardjono" >To: ; >Sent: Wednesday, December 11, 2002 12:55 PM >Subject: Re: [IDRM] Disband or recharter IDRM? > > > > > > Gord, > > > > I agree with most of your comments. Judging from the "emotional outcry" we > > received at the last IDRM meeting (Salt Lake City IETF, end of 2001), DRM > > seems to mean different things to different people. > > > > > > At 12/11/2002||09:23 AM, Gord Larose wrote: > > >Hello: > > > Most of you on the list will not know me, as I came in during your >period > > >of dormancy. I too have been mulling these issues, as the DRM company >that > > >I helped found (NetActive) struggled like most others in the space. > > > > > >I think there are two classes of issues here - the social-advocacy ones > > >and the technical ones. > > > > > >The social-advocacy issues are horribly subjective. The concerns were > > >well expressed in Mark's email, and we could spend thousands of words > > >debating them. For what it > > >is worth, I believe that DRM is not philosophically wrong, and further, >that > > >it is commercially necessary. However, I do not believe that the current > > >"axis of greed" between Hollywood and Washington serves the best >interests > > >of American citizens and, as a Canadian, I am very concerned about the > > >United States' efforts to impose its draconian views of copyright > > >enforcement on the rest of the world. > > > Good DRM does not have to put Big Brother on your hard drive. If it >does, > > >then the price is too high. > > > > Right. So one of the notions we put forward in the IETF was: is it at all > > possible to create "open-source DRM technologies", so that small > > mom-and-pop publishers need not pay $$$ for proprietary solutions. The > > analogy is that with Linux and the Apache webserver, which are available > > for around $30. > > Another useful comparison in the RSA encryption algorithm, which is good > > technology, well understood, standardized and now finally over the patent > > hurdle. > > > > I realize that some folks take the (radical) position of being against any > > development of DRM technology whatsoever. The best way to ensure Big > > Brother does not happen is to go against any work relating to DRM. The > > reality is that DRM Technology is here to stay (proprietary), whether we > > like it or not. It will ship inside PCs and in consumer electronics > > devices. I think such a position actually helps the Big Brother syndrome, > > as it does not provide an option to the general public as to alternative > > sources of technology. > > > > > > > > >On a philosophical level then, I say there is a need for smart people to > > >build workable DRM that citizens can live with. > > > > > >The point issue of this technical group's mandate is much clearer IMO. >The > > >core > > >technology challenges for DRM are terminal node challenges, not network > > >challenges. Sure, a network is usually involved, but DRM is nothing >special > > >for the network. DRM's basic network needs are nothing harder than > > >http/https over tcp/ip. And the terminal mode challenges are largely >about > > >things like tamper-resistance, which are proprietary and not very >amenable > > >to > > >standardization. It's not something where an IETF group adds much value. > > > > Right. This is where the word "DRM" is I think a misnomer for the IETF > > efforts. You are absolutely right, that DRM is indeed "terminal node > > challenges" (ie. development of rights-enforcing terminals), which is not > > the traditional area of work for the IETF. > > > > However, there some network issues that is part of what I call the "DRM > > macrocosm", which included functions relating to look-ups, secure network > > storage, transaction clearinghouse, etc. These would appear to be >suitable > > for work items in the IETF. > > > > Thus, one possible change to IDRM is a new name that is less likely to be > > controversial. > > > > > > > > >So where does that leave the group ? Seems to me the options include: > > >1) disband > > >2) generalize the focus to a multidisciplinary one, along the lines of > > >http://www.bcdforum.org . (Though I have to confess I find that >organization > > >lacking substance.) > > >3) Find specific technical problems that are obstacles to good (i.e. > > >effective but not Orwellian) DRM, which are going begging, and in scope, > > >and work on solutions. > > > > > >I don't have a top-of-mind suggestion for #3, but it sounds like the most > > >fun! > > > > Yes, the keyword is "fun". Perhaps others on the list may have specific > > suggestions? > > > > cheers, > > > > thomas > > ------ > > > > > > > > > > > > >Other thoughts ??? > > > > > >Best Regards, > > > Gord Larose > > > > > >----- Original Message ----- > > >From: "Mark Baugher" > > >To: > > >Cc: ; "Vern Paxson" > > >Sent: Tuesday, December 10, 2002 6:43 PM > > >Subject: [IDRM] Disband or recharter IDRM? > > > > > > > IDRM has obviously been dormant for about a year. > > > >SNIP< > > From Isabelle.Theisen@unistudios.com Wed Dec 11 22:48:19 2002 From: Isabelle.Theisen@unistudios.com (Theisen, Isabelle) Date: Wed, 11 Dec 2002 14:48:19 -0800 Subject: [IETF-IDRM] RE: [IDRM] Disband or recharter IDRM? Message-ID: Please, I do not have a business need for these emails. Please, remove from the list. -----Original Message----- From: Thomas Hardjono [mailto:thardjono@yahoo.com] Sent: Wednesday, December 11, 2002 2:09 PM To: Gord Larose Cc: ietf-idrm@lists.elistx.com Subject: Re: [IDRM] Disband or recharter IDRM? At 12/11/2002||03:16 PM, Gord Larose wrote: >Hi Thomas, >Thanks for the feedback and update. At a high level I agree with you >completely. > >However, at a technical level, "Open source DRM" makes my brain hurt. It's >hard enough hide anything in BINARY inside a PC; but like it or not, that's >one thing DRM has to do. I should know... the NetActive technology I was >largely responsible for addresses exactly that problem. That technology has >never, to my knowledge, been publicly cracked... but I doubt that would have >been true if we'd published the source ! Yes, I agree: "open source DRM" makes my brain hurt too :) However, this seems to be the only way to provide an alternative to proprietary technology. In many cases, perhaps the mom-and-pop "publisher" does not need 100% hack-proof DRM (maybe not even 90% hack-proof), but enough to discourage non-technical people from trying to break it. >And from a business perspective, Mom & Pop businesses already have >inexpensive, low-end protection technologies available e.g. from >third-party software TBYB wrappers, or via, say, Windows Media Player DRM. >The obstacles are more about complexity, churn, supplier viability, trust, >and branding, than about cost or availability. Hmm, I'm not sure I follow here. WMP is only for certain types of contents (e.g. not books, newspapers, newletters, etc). >So we'd have to be careful about what the values of such a system were... if >we could figure out how it would work ! > >Here's an entertaining thought: suppose we emphasize TRUST and CONTINUITY. >Maybe we could even subvert Palladium and the Fritz Chip to nobler ends ? >i.e. a system that WILL, in some sense, robustly protect content, but WILL >NOT - as a matter of the supplier's policy - do any of the things that >consumers and libertarians rightly fear ? And a further benefit of an >open-source (that may not be the right term, maybe "distributed ownership" >is better) model could be the continuing availability of the solution e.g. >Red Hat may die, but Linux won't. OK, so this is a *very* interesting question. These are the types of questions that needs to be discussed in a open forum and where pieces of it can be standardized (the way many pieces of Linux has been standardized). cheers, thomas ------ >I'm not sure how to do this, but maybe we could figure it out ! > >Cheers, > Gord 8-) > > > >----- Original Message ----- >From: "Thomas Hardjono" >To: ; >Sent: Wednesday, December 11, 2002 12:55 PM >Subject: Re: [IDRM] Disband or recharter IDRM? > > > > > > Gord, > > > > I agree with most of your comments. Judging from the "emotional outcry" we > > received at the last IDRM meeting (Salt Lake City IETF, end of 2001), DRM > > seems to mean different things to different people. > > > > > > At 12/11/2002||09:23 AM, Gord Larose wrote: > > >Hello: > > > Most of you on the list will not know me, as I came in during your >period > > >of dormancy. I too have been mulling these issues, as the DRM company >that > > >I helped found (NetActive) struggled like most others in the space. > > > > > >I think there are two classes of issues here - the social-advocacy ones > > >and the technical ones. > > > > > >The social-advocacy issues are horribly subjective. The concerns were > > >well expressed in Mark's email, and we could spend thousands of words > > >debating them. For what it > > >is worth, I believe that DRM is not philosophically wrong, and further, >that > > >it is commercially necessary. However, I do not believe that the current > > >"axis of greed" between Hollywood and Washington serves the best >interests > > >of American citizens and, as a Canadian, I am very concerned about the > > >United States' efforts to impose its draconian views of copyright > > >enforcement on the rest of the world. > > > Good DRM does not have to put Big Brother on your hard drive. If it >does, > > >then the price is too high. > > > > Right. So one of the notions we put forward in the IETF was: is it at all > > possible to create "open-source DRM technologies", so that small > > mom-and-pop publishers need not pay $$$ for proprietary solutions. The > > analogy is that with Linux and the Apache webserver, which are available > > for around $30. > > Another useful comparison in the RSA encryption algorithm, which is good > > technology, well understood, standardized and now finally over the patent > > hurdle. > > > > I realize that some folks take the (radical) position of being against any > > development of DRM technology whatsoever. The best way to ensure Big > > Brother does not happen is to go against any work relating to DRM. The > > reality is that DRM Technology is here to stay (proprietary), whether we > > like it or not. It will ship inside PCs and in consumer electronics > > devices. I think such a position actually helps the Big Brother syndrome, > > as it does not provide an option to the general public as to alternative > > sources of technology. > > > > > > > > >On a philosophical level then, I say there is a need for smart people to > > >build workable DRM that citizens can live with. > > > > > >The point issue of this technical group's mandate is much clearer IMO. >The > > >core > > >technology challenges for DRM are terminal node challenges, not network > > >challenges. Sure, a network is usually involved, but DRM is nothing >special > > >for the network. DRM's basic network needs are nothing harder than > > >http/https over tcp/ip. And the terminal mode challenges are largely >about > > >things like tamper-resistance, which are proprietary and not very >amenable > > >to > > >standardization. It's not something where an IETF group adds much value. > > > > Right. This is where the word "DRM" is I think a misnomer for the IETF > > efforts. You are absolutely right, that DRM is indeed "terminal node > > challenges" (ie. development of rights-enforcing terminals), which is not > > the traditional area of work for the IETF. > > > > However, there some network issues that is part of what I call the "DRM > > macrocosm", which included functions relating to look-ups, secure network > > storage, transaction clearinghouse, etc. These would appear to be >suitable > > for work items in the IETF. > > > > Thus, one possible change to IDRM is a new name that is less likely to be > > controversial. > > > > > > > > >So where does that leave the group ? Seems to me the options include: > > >1) disband > > >2) generalize the focus to a multidisciplinary one, along the lines of > > >http://www.bcdforum.org . (Though I have to confess I find that >organization > > >lacking substance.) > > >3) Find specific technical problems that are obstacles to good (i.e. > > >effective but not Orwellian) DRM, which are going begging, and in scope, > > >and work on solutions. > > > > > >I don't have a top-of-mind suggestion for #3, but it sounds like the most > > >fun! > > > > Yes, the keyword is "fun". Perhaps others on the list may have specific > > suggestions? > > > > cheers, > > > > thomas > > ------ > > > > > > > > > > > > >Other thoughts ??? > > > > > >Best Regards, > > > Gord Larose > > > > > >----- Original Message ----- > > >From: "Mark Baugher" > > >To: > > >Cc: ; "Vern Paxson" > > >Sent: Tuesday, December 10, 2002 6:43 PM > > >Subject: [IDRM] Disband or recharter IDRM? > > > > > > > IDRM has obviously been dormant for about a year. > > > >SNIP< > > From PaulLambert@AirgoNetworks.Com Wed Dec 11 22:57:32 2002 From: PaulLambert@AirgoNetworks.Com (Paul Lambert) Date: Wed, 11 Dec 2002 14:57:32 -0800 Subject: [IETF-IDRM] RE: [IDRM] Disband or recharter IDRM? Message-ID: <3FFBC907DD03A34CA4410C5C745DEB12E7A178@wnimail.woodsidenet.com> > Please, I do not have a business need for these emails.=20 Perhaps no one has a business reason for this committee and it should= be disbanded.=20 Business reasons for a specific technology does not guarentee that th= ere is any reason for an open interoperable standard. Paul > -----Original Message----- > From: Theisen, Isabelle [mailto:Isabelle.Theisen@unistudios.com] > Sent: Wednesday, December 11, 2002 2:48 PM > To: 'Thomas Hardjono'; 'ietf-idrm@lists.elistx.com'; > 'glarose@info-mech.com'; 'mbaugher@cisco.com' > Subject: RE: [IDRM] Disband or recharter IDRM? >=20 >=20 > Please, I do not have a business need for these emails.=20 > Please, remove from the list. >=20 >=20 > -----Original Message----- > From: Thomas Hardjono [mailto:thardjono@yahoo.com] > Sent: Wednesday, December 11, 2002 2:09 PM > To: Gord Larose > Cc: ietf-idrm@lists.elistx.com > Subject: Re: [IDRM] Disband or recharter IDRM? >=20 >=20 > At 12/11/2002||03:16 PM, Gord Larose wrote: > >Hi Thomas, > >Thanks for the feedback and update. At a high level I agree with y= ou > >completely. > > > >However, at a technical level, "Open source DRM" makes my=20 > brain hurt. It's > >hard enough hide anything in BINARY inside a PC; but like it=20 > or not, that's > >one thing DRM has to do. I should know... the NetActive=20 > technology I was > >largely responsible for addresses exactly that problem. That=20 > technology has > >never, to my knowledge, been publicly cracked... but I doubt=20 > that would have > >been true if we'd published the source ! >=20 > Yes, I agree: "open source DRM" makes my brain hurt too :) =20 > However, this=20 > seems to be the only way to provide an alternative to proprietary= =20 > technology. In many cases, perhaps the mom-and-pop=20 > "publisher" does not=20 > need 100% hack-proof DRM (maybe not even 90% hack-proof), but=20 > enough to=20 > discourage non-technical people from trying to break it. >=20 >=20 > >And from a business perspective, Mom & Pop businesses already have > >inexpensive, low-end protection technologies available e.g. from > >third-party software TBYB wrappers, or via, say, Windows=20 > Media Player DRM. > >The obstacles are more about complexity, churn, supplier=20 > viability, trust, > >and branding, than about cost or availability. >=20 > Hmm, I'm not sure I follow here. WMP is only for certain=20 > types of contents=20 > (e.g. not books, newspapers, newletters, etc). >=20 >=20 >=20 > >So we'd have to be careful about what the values of such a=20 > system were... if > >we could figure out how it would work ! > > > >Here's an entertaining thought: suppose we emphasize TRUST=20 > and CONTINUITY. > >Maybe we could even subvert Palladium and the Fritz Chip to=20 > nobler ends ? > >i.e. a system that WILL, in some sense, robustly protect=20 > content, but WILL > >NOT - as a matter of the supplier's policy - do any of the=20 > things that > >consumers and libertarians rightly fear ? And a further benefit of= an > >open-source (that may not be the right term, maybe=20 > "distributed ownership" > >is better) model could be the continuing availability of the=20 > solution e.g. > >Red Hat may die, but Linux won't. >=20 >=20 > OK, so this is a *very* interesting question. These are the types = of=20 > questions that needs to be discussed in a open forum and=20 > where pieces of it=20 > can be standardized (the way many pieces of Linux has been=20 > standardized). >=20 > cheers, >=20 > thomas > ------ >=20 >=20 >=20 > >I'm not sure how to do this, but maybe we could figure it out ! > > > >Cheers, > > Gord 8-) > > > > > > > >----- Original Message ----- > >From: "Thomas Hardjono" > >To: ; > >Sent: Wednesday, December 11, 2002 12:55 PM > >Subject: Re: [IDRM] Disband or recharter IDRM? > > > > > > > > > > Gord, > > > > > > I agree with most of your comments. Judging from the=20 > "emotional outcry" we > > > received at the last IDRM meeting (Salt Lake City IETF,=20 > end of 2001), DRM > > > seems to mean different things to different people. > > > > > > > > > At 12/11/2002||09:23 AM, Gord Larose wrote: > > > >Hello: > > > > Most of you on the list will not know me, as I came=20 > in during your > >period > > > >of dormancy. I too have been mulling these issues, as=20 > the DRM company > >that > > > >I helped found (NetActive) struggled like most others in=20 > the space. > > > > > > > >I think there are two classes of issues here - the=20 > social-advocacy ones > > > >and the technical ones. > > > > > > > >The social-advocacy issues are horribly subjective. The=20 > concerns were > > > >well expressed in Mark's email, and we could spend=20 > thousands of words > > > >debating them. For what it > > > >is worth, I believe that DRM is not philosophically=20 > wrong, and further, > >that > > > >it is commercially necessary. However, I do not believe=20 > that the current > > > >"axis of greed" between Hollywood and Washington serves the be= st > >interests > > > >of American citizens and, as a Canadian, I am very=20 > concerned about the > > > >United States' efforts to impose its draconian views of copyri= ght > > > >enforcement on the rest of the world. > > > > Good DRM does not have to put Big Brother on your hard=20 > drive. If it > >does, > > > >then the price is too high. > > > > > > Right. So one of the notions we put forward in the IETF=20 > was: is it at all > > > possible to create "open-source DRM technologies", so that smal= l > > > mom-and-pop publishers need not pay $$$ for proprietary=20 > solutions. The > > > analogy is that with Linux and the Apache webserver,=20 > which are available > > > for around $30. > > > Another useful comparison in the RSA encryption=20 > algorithm, which is good > > > technology, well understood, standardized and now finally=20 > over the patent > > > hurdle. > > > > > > I realize that some folks take the (radical) position of=20 > being against any > > > development of DRM technology whatsoever. The best way=20 > to ensure Big > > > Brother does not happen is to go against any work=20 > relating to DRM. The > > > reality is that DRM Technology is here to stay=20 > (proprietary), whether we > > > like it or not. It will ship inside PCs and in consumer=20 > electronics > > > devices. I think such a position actually helps the Big=20 > Brother syndrome, > > > as it does not provide an option to the general public as=20 > to alternative > > > sources of technology. > > > > > > > > > > > > >On a philosophical level then, I say there is a need for=20 > smart people to > > > >build workable DRM that citizens can live with. > > > > > > > >The point issue of this technical group's mandate is=20 > much clearer IMO. > >The > > > >core > > > >technology challenges for DRM are terminal node=20 > challenges, not network > > > >challenges. Sure, a network is usually involved, but DRM=20 > is nothing > >special > > > >for the network. DRM's basic network needs are nothing=20 > harder than > > > >http/https over tcp/ip. And the terminal mode challenges=20 > are largely > >about > > > >things like tamper-resistance, which are proprietary and not v= ery > >amenable > > > >to > > > >standardization. It's not something where an IETF group=20 > adds much value. > > > > > > Right. This is where the word "DRM" is I think a=20 > misnomer for the IETF > > > efforts. You are absolutely right, that DRM is indeed=20 > "terminal node > > > challenges" (ie. development of rights-enforcing=20 > terminals), which is not > > > the traditional area of work for the IETF. > > > > > > However, there some network issues that is part of what I=20 > call the "DRM > > > macrocosm", which included functions relating to=20 > look-ups, secure network > > > storage, transaction clearinghouse, etc. These would appear to= be > >suitable > > > for work items in the IETF. > > > > > > Thus, one possible change to IDRM is a new name that is=20 > less likely to be > > > controversial. > > > > > > > > > > > > >So where does that leave the group ? Seems to me the=20 > options include: > > > >1) disband > > > >2) generalize the focus to a multidisciplinary one,=20 > along the lines of > > > >http://www.bcdforum.org . (Though I have to confess I find tha= t > >organization > > > >lacking substance.) > > > >3) Find specific technical problems that are obstacles=20 > to good (i.e. > > > >effective but not Orwellian) DRM, which are going=20 > begging, and in scope, > > > >and work on solutions. > > > > > > > >I don't have a top-of-mind suggestion for #3, but it=20 > sounds like the most > > > >fun! > > > > > > Yes, the keyword is "fun". Perhaps others on the list=20 > may have specific > > > suggestions? > > > > > > cheers, > > > > > > thomas > > > ------ > > > > > > > > > > > > > > > > > > >Other thoughts ??? > > > > > > > >Best Regards, > > > > Gord Larose > > > > > > > >----- Original Message ----- > > > >From: "Mark Baugher" > > > >To: > > > >Cc: ; "Vern Paxson" > > > >Sent: Tuesday, December 10, 2002 6:43 PM > > > >Subject: [IDRM] Disband or recharter IDRM? > > > > > > > > > IDRM has obviously been dormant for about a year. > > > > >SNIP< > > > >=20 From thardjono@yahoo.com Wed Dec 11 22:37:51 2002 From: thardjono@yahoo.com (Thomas Hardjono) Date: Wed, 11 Dec 2002 17:37:51 -0500 Subject: [IETF-IDRM] RE: [IDRM] Disband or recharter IDRM? In-Reply-To: <839BE2CA5177D3119C7000508B11F5DB01EBEA03@dagobah.parc.xero x.com> Message-ID: <5.0.0.25.2.20021211173145.01977ed0@vhqpostal3.verisign.com> Hi Jessica, At 12/11/2002||01:56 PM, staddon@parc.com wrote: >I've only joined the mailing list recently and am still a bit fuzzy on the >goals of IRTF working groups in general. That's fine: we're all rather fuzzy as the group has been dormant for over a year:) >That said, I think there are a number of interesting areas in which new >(crypto) technology is needed and that could be taken up as part of Gord's >option #3. One easy example if copy protection for digital tv. Perhaps the >group could recommend approaches that allow for normal use (e.g. the >ability to view recorded programs on any of a user's players) but make >large-scale piracy difficult. This seems like a topic that falls into the "terminal protection" area, ala MPEG4-IPMP. In fact, I think its is the goal of many PVR makers to ensure that this function is available and difficult to copy. Many also want to provide "mobility" of content, meaning that the user can easily move content from one tamper-proof storage to another (but never to the user's PC). >In addition, with the activity around microbroadcasters this past summer, >there also seems to be a need for technology that can better measure the >audience size of content distributors. Such technology could potentially >protect small distributors by keeping their licensing fees low but still >be fair DRM-wise (Rob Johnson and I did some work in this area but I think >there's still much to be done). Actually, this is an issue that no one has brought-up in the IETF, but would be of interest to folks in the IETF who do traffic shaping and traffic management. cheers, thomas ------ >These are very much off the top of my head and I'm sure there are more and >better candidates. In any case, I would like to see the group resume activity. > >Jessica Staddon > >-----Original Message----- >From: Paul Judge [mailto:judge@cc.gatech.edu] >Sent: Wednesday, December 11, 2002 1:21 PM >To: Thomas Hardjono >Cc: glarose@info-mech.com; ietf-idrm@lists.elistx.com >Subject: Re: [IDRM] Disband or recharter IDRM? > > > >On Wed, 11 Dec 2002, Thomas Hardjono wrote: > > > > Right. So one of the notions we put forward in the IETF was: is it at all > > possible to create "open-source DRM technologies", so that small > > mom-and-pop publishers need not pay $$$ for proprietary solutions. The > > analogy is that with Linux and the Apache webserver, which are available > > for around $30. > > Another useful comparison in the RSA encryption algorithm, which is good > > technology, well understood, standardized and now finally over the patent > > hurdle. > >I think that this is a reasonable strategy and a worthy goal. We were >working on some content protection architectures here that have very >similiar motivations. An open-source standards-based DRM system would >enable the small content providers as well as provide an alternative to >multiple proprietary formats and systems. > > > >On a philosophical level then, I say there is a need for smart people to > > >build workable DRM that citizens can live with. > > > > > >The point issue of this technical group's mandate is much clearer IMO. The > > >core > > >technology challenges for DRM are terminal node challenges, not network > > >challenges. Sure, a network is usually involved, but DRM is nothing > special > > >for the network. DRM's basic network needs are nothing harder than > > >http/https over tcp/ip. And the terminal mode challenges are largely about > > >things like tamper-resistance, which are proprietary and not very amenable > > >to > > >standardization. It's not something where an IETF group adds much value. > > > > Right. This is where the word "DRM" is I think a misnomer for the IETF > > efforts. You are absolutely right, that DRM is indeed "terminal node > > challenges" (ie. development of rights-enforcing terminals), which is not > > the traditional area of work for the IETF. > > > > However, there some network issues that is part of what I call the "DRM > > macrocosm", which included functions relating to look-ups, secure network > > storage, transaction clearinghouse, etc. These would appear to be suitable > > for work items in the IETF. > >The way that I've been thinking about this is that DRM tries to solve >three problems: 1) secure distribution/conditional access, 2) protected >storage, and 3) output protection. True, #3 is largely about 'terminal >node challenges', but #1 and #2 largely include distribution architectures >and supporting systems. I believe that there is room in these areas for >IETF work. > > > Thus, one possible change to IDRM is a new name that is less likely to be > > controversial. > >Couldn't hurt. Even if it doesn't reduce the controversy, it may reduce >the confusion since DRM is such an overloaded term. If the focus becomes >protected distribution and protected storage areas, then how about a name >to describe that as opposed to the output protection area. > > >>3) Find specific technical problems that are obstacles to good (i.e. > >>effective but not Orwellian) DRM, which are going begging, and in scope, > >>and work on solutions. > >> > >>I don't have a top-of-mind suggestion for #3, but it sounds like the >most > >>fun! > > >>Yes, the keyword is "fun". Perhaps others on the list may have specific > >>suggestions? > >based on what i've worked on before, there are a few things that come to >mind. there are a few components that must exist in a protected >distribution/storage environment: secure content objects, content object >importation system, ACL servers (1 that assigns rights and 1 that can be >used to lookup rights based on a user, role, or object), authorization >protocols, etc. > >with that said, my two cents is: 'recharter'. > >Regards, >Paul > >___________________________ >Paul Judge, Ph.D. Candidate >Georgia Tech >judge@cc.gatech.edu From thardjono@yahoo.com Wed Dec 11 23:07:46 2002 From: thardjono@yahoo.com (Thomas Hardjono) Date: Wed, 11 Dec 2002 18:07:46 -0500 Subject: [IETF-IDRM] RE: [IDRM] Disband or recharter IDRM? In-Reply-To: <3FFBC907DD03A34CA4410C5C745DEB12E7A178@wnimail.woodsidenet.com> Message-ID: <5.0.0.25.2.20021211180329.03c51e80@pop.mail.yahoo.com> Paul, Thanks for your input. We're trying to see if there needs to be a place for discussion regarding DRM-related issues. These discussion may or may not result in standards. I think there is a role for the IETF/IRTF in addressing some of the issues outlined earlier by Paul Judge. cheers, thomas ------ At 12/11/2002||02:57 PM, Paul Lambert wrote: > > Please, I do not have a business need for these emails. > >Perhaps no one has a business reason for this committee and it should be >disbanded. > >Business reasons for a specific technology does not guarentee that there >is any reason for an open interoperable standard. > > >Paul > > > -----Original Message----- > > From: Theisen, Isabelle [mailto:Isabelle.Theisen@unistudios.com] > > Sent: Wednesday, December 11, 2002 2:48 PM > > To: 'Thomas Hardjono'; 'ietf-idrm@lists.elistx.com'; > > 'glarose@info-mech.com'; 'mbaugher@cisco.com' > > Subject: RE: [IDRM] Disband or recharter IDRM? > > > > > > Please, I do not have a business need for these emails. > > Please, remove from the list. > > > > > > -----Original Message----- > > From: Thomas Hardjono [mailto:thardjono@yahoo.com] > > Sent: Wednesday, December 11, 2002 2:09 PM > > To: Gord Larose > > Cc: ietf-idrm@lists.elistx.com > > Subject: Re: [IDRM] Disband or recharter IDRM? > > > > > > At 12/11/2002||03:16 PM, Gord Larose wrote: > > >Hi Thomas, > > >Thanks for the feedback and update. At a high level I agree with you > > >completely. > > > > > >However, at a technical level, "Open source DRM" makes my > > brain hurt. It's > > >hard enough hide anything in BINARY inside a PC; but like it > > or not, that's > > >one thing DRM has to do. I should know... the NetActive > > technology I was > > >largely responsible for addresses exactly that problem. That > > technology has > > >never, to my knowledge, been publicly cracked... but I doubt > > that would have > > >been true if we'd published the source ! > > > > Yes, I agree: "open source DRM" makes my brain hurt too :) > > However, this > > seems to be the only way to provide an alternative to proprietary > > technology. In many cases, perhaps the mom-and-pop > > "publisher" does not > > need 100% hack-proof DRM (maybe not even 90% hack-proof), but > > enough to > > discourage non-technical people from trying to break it. > > > > > > >And from a business perspective, Mom & Pop businesses already have > > >inexpensive, low-end protection technologies available e.g. from > > >third-party software TBYB wrappers, or via, say, Windows > > Media Player DRM. > > >The obstacles are more about complexity, churn, supplier > > viability, trust, > > >and branding, than about cost or availability. > > > > Hmm, I'm not sure I follow here. WMP is only for certain > > types of contents > > (e.g. not books, newspapers, newletters, etc). > > > > > > > > >So we'd have to be careful about what the values of such a > > system were... if > > >we could figure out how it would work ! > > > > > >Here's an entertaining thought: suppose we emphasize TRUST > > and CONTINUITY. > > >Maybe we could even subvert Palladium and the Fritz Chip to > > nobler ends ? > > >i.e. a system that WILL, in some sense, robustly protect > > content, but WILL > > >NOT - as a matter of the supplier's policy - do any of the > > things that > > >consumers and libertarians rightly fear ? And a further benefit of an > > >open-source (that may not be the right term, maybe > > "distributed ownership" > > >is better) model could be the continuing availability of the > > solution e.g. > > >Red Hat may die, but Linux won't. > > > > > > OK, so this is a *very* interesting question. These are the types of > > questions that needs to be discussed in a open forum and > > where pieces of it > > can be standardized (the way many pieces of Linux has been > > standardized). > > > > cheers, > > > > thomas > > ------ > > > > > > > > >I'm not sure how to do this, but maybe we could figure it out ! > > > > > >Cheers, > > > Gord 8-) > > > > > > > > > > > >----- Original Message ----- > > >From: "Thomas Hardjono" > > >To: ; > > >Sent: Wednesday, December 11, 2002 12:55 PM > > >Subject: Re: [IDRM] Disband or recharter IDRM? > > > > > > > > > > > > > > Gord, > > > > > > > > I agree with most of your comments. Judging from the > > "emotional outcry" we > > > > received at the last IDRM meeting (Salt Lake City IETF, > > end of 2001), DRM > > > > seems to mean different things to different people. > > > > > > > > > > > > At 12/11/2002||09:23 AM, Gord Larose wrote: > > > > >Hello: > > > > > Most of you on the list will not know me, as I came > > in during your > > >period > > > > >of dormancy. I too have been mulling these issues, as > > the DRM company > > >that > > > > >I helped found (NetActive) struggled like most others in > > the space. > > > > > > > > > >I think there are two classes of issues here - the > > social-advocacy ones > > > > >and the technical ones. > > > > > > > > > >The social-advocacy issues are horribly subjective. The > > concerns were > > > > >well expressed in Mark's email, and we could spend > > thousands of words > > > > >debating them. For what it > > > > >is worth, I believe that DRM is not philosophically > > wrong, and further, > > >that > > > > >it is commercially necessary. However, I do not believe > > that the current > > > > >"axis of greed" between Hollywood and Washington serves the best > > >interests > > > > >of American citizens and, as a Canadian, I am very > > concerned about the > > > > >United States' efforts to impose its draconian views of copyright > > > > >enforcement on the rest of the world. > > > > > Good DRM does not have to put Big Brother on your hard > > drive. If it > > >does, > > > > >then the price is too high. > > > > > > > > Right. So one of the notions we put forward in the IETF > > was: is it at all > > > > possible to create "open-source DRM technologies", so that small > > > > mom-and-pop publishers need not pay $$$ for proprietary > > solutions. The > > > > analogy is that with Linux and the Apache webserver, > > which are available > > > > for around $30. > > > > Another useful comparison in the RSA encryption > > algorithm, which is good > > > > technology, well understood, standardized and now finally > > over the patent > > > > hurdle. > > > > > > > > I realize that some folks take the (radical) position of > > being against any > > > > development of DRM technology whatsoever. The best way > > to ensure Big > > > > Brother does not happen is to go against any work > > relating to DRM. The > > > > reality is that DRM Technology is here to stay > > (proprietary), whether we > > > > like it or not. It will ship inside PCs and in consumer > > electronics > > > > devices. I think such a position actually helps the Big > > Brother syndrome, > > > > as it does not provide an option to the general public as > > to alternative > > > > sources of technology. > > > > > > > > > > > > > > > > >On a philosophical level then, I say there is a need for > > smart people to > > > > >build workable DRM that citizens can live with. > > > > > > > > > >The point issue of this technical group's mandate is > > much clearer IMO. > > >The > > > > >core > > > > >technology challenges for DRM are terminal node > > challenges, not network > > > > >challenges. Sure, a network is usually involved, but DRM > > is nothing > > >special > > > > >for the network. DRM's basic network needs are nothing > > harder than > > > > >http/https over tcp/ip. And the terminal mode challenges > > are largely > > >about > > > > >things like tamper-resistance, which are proprietary and not very > > >amenable > > > > >to > > > > >standardization. It's not something where an IETF group > > adds much value. > > > > > > > > Right. This is where the word "DRM" is I think a > > misnomer for the IETF > > > > efforts. You are absolutely right, that DRM is indeed > > "terminal node > > > > challenges" (ie. development of rights-enforcing > > terminals), which is not > > > > the traditional area of work for the IETF. > > > > > > > > However, there some network issues that is part of what I > > call the "DRM > > > > macrocosm", which included functions relating to > > look-ups, secure network > > > > storage, transaction clearinghouse, etc. These would appear to be > > >suitable > > > > for work items in the IETF. > > > > > > > > Thus, one possible change to IDRM is a new name that is > > less likely to be > > > > controversial. > > > > > > > > > > > > > > > > >So where does that leave the group ? Seems to me the > > options include: > > > > >1) disband > > > > >2) generalize the focus to a multidisciplinary one, > > along the lines of > > > > >http://www.bcdforum.org . (Though I have to confess I find that > > >organization > > > > >lacking substance.) > > > > >3) Find specific technical problems that are obstacles > > to good (i.e. > > > > >effective but not Orwellian) DRM, which are going > > begging, and in scope, > > > > >and work on solutions. > > > > > > > > > >I don't have a top-of-mind suggestion for #3, but it > > sounds like the most > > > > >fun! > > > > > > > > Yes, the keyword is "fun". Perhaps others on the list > > may have specific > > > > suggestions? > > > > > > > > cheers, > > > > > > > > thomas > > > > ------ > > > > > > > > > > > > > > > > > > > > > > > > >Other thoughts ??? > > > > > > > > > >Best Regards, > > > > > Gord Larose > > > > > > > > > >----- Original Message ----- > > > > >From: "Mark Baugher" > > > > >To: > > > > >Cc: ; "Vern Paxson" > > > > >Sent: Tuesday, December 10, 2002 6:43 PM > > > > >Subject: [IDRM] Disband or recharter IDRM? > > > > > > > > > > > IDRM has obviously been dormant for about a year. > > > > > >SNIP< > > > > > > > >_______________________________________________ >ietf-idrm mailing list >ietf-idrm@idrm.org >http://www.pairlist.net/mailman/listinfo/ietf-idrm From mbaugher@cisco.com Wed Dec 11 23:06:05 2002 From: mbaugher@cisco.com (Mark Baugher) Date: Wed, 11 Dec 2002 15:06:05 -0800 Subject: [IETF-IDRM] RE: [IDRM] Disband or recharter IDRM? In-Reply-To: <839BE2CA5177D3119C7000508B11F5DB01EBEA03@dagobah.parc.xero x.com> Message-ID: <5.1.1.5.2.20021211144857.04974fe8@mira-sjc5-6.cisco.com> Jessica At 01:56 PM 12/11/2002 -0800, staddon@parc.com wrote: >I've only joined the mailing list recently and am still a bit fuzzy on the >goals of IRTF working groups in general. That said, I think there are a >number of interesting areas in which new (crypto) technology is needed and >that could be taken up as part of Gord's option #3. One easy example if >copy protection for digital tv. New cryptography can also be evaluated in the Crypto Forum Research Group (CFRG). >Perhaps the group could recommend approaches that allow for normal use >(e.g. the ability to view recorded programs on any of a user's players) >but make large-scale piracy difficult. I think that the opposite may be the case (viz. the darknet paper at http://crypto.stanford.edu/DRM2002/prog.html). I think setting up a peer-to-peer content trading node is a known amount of effort and cost (real expenses and/or opportunity cost). I think that the cost of illegal content trading, however, is too high for most consumers who are not college students. For the rest of us, very simple mechanisms should suffice. More complex mechanisms will force more people to darknet. >In addition, with the activity around microbroadcasters this past summer, >there also seems to be a need for technology that can better measure the >audience size of content distributors. Such technology could potentially >protect small distributors by keeping their licensing fees low but still >be fair DRM-wise (Rob Johnson and I did some work in this area but I think >there's still much to be done). I heard a presentation from some people at Yahoo! that asked for the same thing. >These are very much off the top of my head and I'm sure there are more and >better candidates. In any case, I would like to see the group resume activity. Thanks, Mark >Jessica Staddon > >-----Original Message----- >From: Paul Judge [mailto:judge@cc.gatech.edu] >Sent: Wednesday, December 11, 2002 1:21 PM >To: Thomas Hardjono >Cc: glarose@info-mech.com; ietf-idrm@lists.elistx.com >Subject: Re: [IDRM] Disband or recharter IDRM? > > > >On Wed, 11 Dec 2002, Thomas Hardjono wrote: > > > > Right. So one of the notions we put forward in the IETF was: is it at all > > possible to create "open-source DRM technologies", so that small > > mom-and-pop publishers need not pay $$$ for proprietary solutions. The > > analogy is that with Linux and the Apache webserver, which are available > > for around $30. > > Another useful comparison in the RSA encryption algorithm, which is good > > technology, well understood, standardized and now finally over the patent > > hurdle. > >I think that this is a reasonable strategy and a worthy goal. We were >working on some content protection architectures here that have very >similiar motivations. An open-source standards-based DRM system would >enable the small content providers as well as provide an alternative to >multiple proprietary formats and systems. > > > >On a philosophical level then, I say there is a need for smart people to > > >build workable DRM that citizens can live with. > > > > > >The point issue of this technical group's mandate is much clearer IMO. The > > >core > > >technology challenges for DRM are terminal node challenges, not network > > >challenges. Sure, a network is usually involved, but DRM is nothing > special > > >for the network. DRM's basic network needs are nothing harder than > > >http/https over tcp/ip. And the terminal mode challenges are largely about > > >things like tamper-resistance, which are proprietary and not very amenable > > >to > > >standardization. It's not something where an IETF group adds much value. > > > > Right. This is where the word "DRM" is I think a misnomer for the IETF > > efforts. You are absolutely right, that DRM is indeed "terminal node > > challenges" (ie. development of rights-enforcing terminals), which is not > > the traditional area of work for the IETF. > > > > However, there some network issues that is part of what I call the "DRM > > macrocosm", which included functions relating to look-ups, secure network > > storage, transaction clearinghouse, etc. These would appear to be suitable > > for work items in the IETF. > >The way that I've been thinking about this is that DRM tries to solve >three problems: 1) secure distribution/conditional access, 2) protected >storage, and 3) output protection. True, #3 is largely about 'terminal >node challenges', but #1 and #2 largely include distribution architectures >and supporting systems. I believe that there is room in these areas for >IETF work. > > > Thus, one possible change to IDRM is a new name that is less likely to be > > controversial. > >Couldn't hurt. Even if it doesn't reduce the controversy, it may reduce >the confusion since DRM is such an overloaded term. If the focus becomes >protected distribution and protected storage areas, then how about a name >to describe that as opposed to the output protection area. > > >>3) Find specific technical problems that are obstacles to good (i.e. > >>effective but not Orwellian) DRM, which are going begging, and in scope, > >>and work on solutions. > >> > >>I don't have a top-of-mind suggestion for #3, but it sounds like the >most > >>fun! > > >>Yes, the keyword is "fun". Perhaps others on the list may have specific > >>suggestions? > >based on what i've worked on before, there are a few things that come to >mind. there are a few components that must exist in a protected >distribution/storage environment: secure content objects, content object >importation system, ACL servers (1 that assigns rights and 1 that can be >used to lookup rights based on a user, role, or object), authorization >protocols, etc. > >with that said, my two cents is: 'recharter'. > >Regards, >Paul > >___________________________ >Paul Judge, Ph.D. Candidate >Georgia Tech >judge@cc.gatech.edu From mbaugher@cisco.com Wed Dec 11 23:22:27 2002 From: mbaugher@cisco.com (Mark Baugher) Date: Wed, 11 Dec 2002 15:22:27 -0800 Subject: [IETF-IDRM] RE: [IDRM] Disband or recharter IDRM? In-Reply-To: <3FFBC907DD03A34CA4410C5C745DEB12E7A178@wnimail.woodsidenet.com> Message-ID: <5.1.1.5.2.20021211151947.084878a8@mira-sjc5-6.cisco.com> At 02:57 PM 12/11/2002 -0800, Paul Lambert wrote: > > Please, I do not have a business need for these emails. > >Perhaps no one has a business reason for this committee and it should be >disbanded. Just so we are all on the same page, a stated "business reason" is not among the criteria used to establish and guide an Internet Research Task Force (IRTF) Research Group such as IDRM (ftp://ftp.rfc-editor.org/in-notes/rfc2014.txt) Mark >Business reasons for a specific technology does not guarentee that there >is any reason for an open interoperable standard. > > >Paul > > > -----Original Message----- > > From: Theisen, Isabelle [mailto:Isabelle.Theisen@unistudios.com] > > Sent: Wednesday, December 11, 2002 2:48 PM > > To: 'Thomas Hardjono'; 'ietf-idrm@lists.elistx.com'; > > 'glarose@info-mech.com'; 'mbaugher@cisco.com' > > Subject: RE: [IDRM] Disband or recharter IDRM? > > > > > > Please, I do not have a business need for these emails. > > Please, remove from the list. > > > > > > -----Original Message----- > > From: Thomas Hardjono [mailto:thardjono@yahoo.com] > > Sent: Wednesday, December 11, 2002 2:09 PM > > To: Gord Larose > > Cc: ietf-idrm@lists.elistx.com > > Subject: Re: [IDRM] Disband or recharter IDRM? > > > > > > At 12/11/2002||03:16 PM, Gord Larose wrote: > > >Hi Thomas, > > >Thanks for the feedback and update. At a high level I agree with you > > >completely. > > > > > >However, at a technical level, "Open source DRM" makes my > > brain hurt. It's > > >hard enough hide anything in BINARY inside a PC; but like it > > or not, that's > > >one thing DRM has to do. I should know... the NetActive > > technology I was > > >largely responsible for addresses exactly that problem. That > > technology has > > >never, to my knowledge, been publicly cracked... but I doubt > > that would have > > >been true if we'd published the source ! > > > > Yes, I agree: "open source DRM" makes my brain hurt too :) > > However, this > > seems to be the only way to provide an alternative to proprietary > > technology. In many cases, perhaps the mom-and-pop > > "publisher" does not > > need 100% hack-proof DRM (maybe not even 90% hack-proof), but > > enough to > > discourage non-technical people from trying to break it. > > > > > > >And from a business perspective, Mom & Pop businesses already have > > >inexpensive, low-end protection technologies available e.g. from > > >third-party software TBYB wrappers, or via, say, Windows > > Media Player DRM. > > >The obstacles are more about complexity, churn, supplier > > viability, trust, > > >and branding, than about cost or availability. > > > > Hmm, I'm not sure I follow here. WMP is only for certain > > types of contents > > (e.g. not books, newspapers, newletters, etc). > > > > > > > > >So we'd have to be careful about what the values of such a > > system were... if > > >we could figure out how it would work ! > > > > > >Here's an entertaining thought: suppose we emphasize TRUST > > and CONTINUITY. > > >Maybe we could even subvert Palladium and the Fritz Chip to > > nobler ends ? > > >i.e. a system that WILL, in some sense, robustly protect > > content, but WILL > > >NOT - as a matter of the supplier's policy - do any of the > > things that > > >consumers and libertarians rightly fear ? And a further benefit of an > > >open-source (that may not be the right term, maybe > > "distributed ownership" > > >is better) model could be the continuing availability of the > > solution e.g. > > >Red Hat may die, but Linux won't. > > > > > > OK, so this is a *very* interesting question. These are the types of > > questions that needs to be discussed in a open forum and > > where pieces of it > > can be standardized (the way many pieces of Linux has been > > standardized). > > > > cheers, > > > > thomas > > ------ > > > > > > > > >I'm not sure how to do this, but maybe we could figure it out ! > > > > > >Cheers, > > > Gord 8-) > > > > > > > > > > > >----- Original Message ----- > > >From: "Thomas Hardjono" > > >To: ; > > >Sent: Wednesday, December 11, 2002 12:55 PM > > >Subject: Re: [IDRM] Disband or recharter IDRM? > > > > > > > > > > > > > > Gord, > > > > > > > > I agree with most of your comments. Judging from the > > "emotional outcry" we > > > > received at the last IDRM meeting (Salt Lake City IETF, > > end of 2001), DRM > > > > seems to mean different things to different people. > > > > > > > > > > > > At 12/11/2002||09:23 AM, Gord Larose wrote: > > > > >Hello: > > > > > Most of you on the list will not know me, as I came > > in during your > > >period > > > > >of dormancy. I too have been mulling these issues, as > > the DRM company > > >that > > > > >I helped found (NetActive) struggled like most others in > > the space. > > > > > > > > > >I think there are two classes of issues here - the > > social-advocacy ones > > > > >and the technical ones. > > > > > > > > > >The social-advocacy issues are horribly subjective. The > > concerns were > > > > >well expressed in Mark's email, and we could spend > > thousands of words > > > > >debating them. For what it > > > > >is worth, I believe that DRM is not philosophically > > wrong, and further, > > >that > > > > >it is commercially necessary. However, I do not believe > > that the current > > > > >"axis of greed" between Hollywood and Washington serves the best > > >interests > > > > >of American citizens and, as a Canadian, I am very > > concerned about the > > > > >United States' efforts to impose its draconian views of copyright > > > > >enforcement on the rest of the world. > > > > > Good DRM does not have to put Big Brother on your hard > > drive. If it > > >does, > > > > >then the price is too high. > > > > > > > > Right. So one of the notions we put forward in the IETF > > was: is it at all > > > > possible to create "open-source DRM technologies", so that small > > > > mom-and-pop publishers need not pay $$$ for proprietary > > solutions. The > > > > analogy is that with Linux and the Apache webserver, > > which are available > > > > for around $30. > > > > Another useful comparison in the RSA encryption > > algorithm, which is good > > > > technology, well understood, standardized and now finally > > over the patent > > > > hurdle. > > > > > > > > I realize that some folks take the (radical) position of > > being against any > > > > development of DRM technology whatsoever. The best way > > to ensure Big > > > > Brother does not happen is to go against any work > > relating to DRM. The > > > > reality is that DRM Technology is here to stay > > (proprietary), whether we > > > > like it or not. It will ship inside PCs and in consumer > > electronics > > > > devices. I think such a position actually helps the Big > > Brother syndrome, > > > > as it does not provide an option to the general public as > > to alternative > > > > sources of technology. > > > > > > > > > > > > > > > > >On a philosophical level then, I say there is a need for > > smart people to > > > > >build workable DRM that citizens can live with. > > > > > > > > > >The point issue of this technical group's mandate is > > much clearer IMO. > > >The > > > > >core > > > > >technology challenges for DRM are terminal node > > challenges, not network > > > > >challenges. Sure, a network is usually involved, but DRM > > is nothing > > >special > > > > >for the network. DRM's basic network needs are nothing > > harder than > > > > >http/https over tcp/ip. And the terminal mode challenges > > are largely > > >about > > > > >things like tamper-resistance, which are proprietary and not very > > >amenable > > > > >to > > > > >standardization. It's not something where an IETF group > > adds much value. > > > > > > > > Right. This is where the word "DRM" is I think a > > misnomer for the IETF > > > > efforts. You are absolutely right, that DRM is indeed > > "terminal node > > > > challenges" (ie. development of rights-enforcing > > terminals), which is not > > > > the traditional area of work for the IETF. > > > > > > > > However, there some network issues that is part of what I > > call the "DRM > > > > macrocosm", which included functions relating to > > look-ups, secure network > > > > storage, transaction clearinghouse, etc. These would appear to be > > >suitable > > > > for work items in the IETF. > > > > > > > > Thus, one possible change to IDRM is a new name that is > > less likely to be > > > > controversial. > > > > > > > > > > > > > > > > >So where does that leave the group ? Seems to me the > > options include: > > > > >1) disband > > > > >2) generalize the focus to a multidisciplinary one, > > along the lines of > > > > >http://www.bcdforum.org . (Though I have to confess I find that > > >organization > > > > >lacking substance.) > > > > >3) Find specific technical problems that are obstacles > > to good (i.e. > > > > >effective but not Orwellian) DRM, which are going > > begging, and in scope, > > > > >and work on solutions. > > > > > > > > > >I don't have a top-of-mind suggestion for #3, but it > > sounds like the most > > > > >fun! > > > > > > > > Yes, the keyword is "fun". Perhaps others on the list > > may have specific > > > > suggestions? > > > > > > > > cheers, > > > > > > > > thomas > > > > ------ > > > > > > > > > > > > > > > > > > > > > > > > >Other thoughts ??? > > > > > > > > > >Best Regards, > > > > > Gord Larose > > > > > > > > > >----- Original Message ----- > > > > >From: "Mark Baugher" > > > > >To: > > > > >Cc: ; "Vern Paxson" > > > > >Sent: Tuesday, December 10, 2002 6:43 PM > > > > >Subject: [IDRM] Disband or recharter IDRM? > > > > > > > > > > > IDRM has obviously been dormant for about a year. > > > > > >SNIP< > > > > > > From mbaugher@cisco.com Wed Dec 11 23:27:09 2002 From: mbaugher@cisco.com (Mark Baugher) Date: Wed, 11 Dec 2002 15:27:09 -0800 Subject: [IETF-IDRM] RE: [IDRM] Disband or recharter IDRM? In-Reply-To: <5.0.0.25.2.20021211173145.01977ed0@vhqpostal3.verisign.com> References: <839BE2CA5177D3119C7000508B11F5DB01EBEA03@dagobah.parc.xero x.com> Message-ID: <5.1.1.5.2.20021211152520.08409590@mira-sjc5-6.cisco.com> hi Thomas At 05:37 PM 12/11/2002 -0500, Thomas Hardjono wrote: <...> >>In addition, with the activity around microbroadcasters this past summer, >>there also seems to be a need for technology that can better measure the >>audience size of content distributors. Such technology could potentially >>protect small distributors by keeping their licensing fees low but still >>be fair DRM-wise (Rob Johnson and I did some work in this area but I >>think there's still much to be done). > > >Actually, this is an issue that no one has brought-up in the IETF, but >would be of interest to folks in the IETF who do traffic shaping and >traffic management. I think it's a different critter than that: The application that Jessica cites is more like an interface to a clearinghouse Mark >cheers, > >thomas >------ > > >>These are very much off the top of my head and I'm sure there are more >>and better candidates. In any case, I would like to see the group resume >>activity. >> >>Jessica Staddon >> >>-----Original Message----- >>From: Paul Judge [mailto:judge@cc.gatech.edu] >>Sent: Wednesday, December 11, 2002 1:21 PM >>To: Thomas Hardjono >>Cc: glarose@info-mech.com; ietf-idrm@lists.elistx.com >>Subject: Re: [IDRM] Disband or recharter IDRM? >> >> >> >>On Wed, 11 Dec 2002, Thomas Hardjono wrote: >> > >> > Right. So one of the notions we put forward in the IETF was: is it at all >> > possible to create "open-source DRM technologies", so that small >> > mom-and-pop publishers need not pay $$$ for proprietary solutions. The >> > analogy is that with Linux and the Apache webserver, which are available >> > for around $30. >> > Another useful comparison in the RSA encryption algorithm, which is good >> > technology, well understood, standardized and now finally over the patent >> > hurdle. >> >>I think that this is a reasonable strategy and a worthy goal. We were >>working on some content protection architectures here that have very >>similiar motivations. An open-source standards-based DRM system would >>enable the small content providers as well as provide an alternative to >>multiple proprietary formats and systems. >> >> > >On a philosophical level then, I say there is a need for smart people to >> > >build workable DRM that citizens can live with. >> > > >> > >The point issue of this technical group's mandate is much clearer >> IMO. The >> > >core >> > >technology challenges for DRM are terminal node challenges, not network >> > >challenges. Sure, a network is usually involved, but DRM is nothing >> special >> > >for the network. DRM's basic network needs are nothing harder than >> > >http/https over tcp/ip. And the terminal mode challenges are largely >> about >> > >things like tamper-resistance, which are proprietary and not very >> amenable >> > >to >> > >standardization. It's not something where an IETF group adds much value. >> > >> > Right. This is where the word "DRM" is I think a misnomer for the IETF >> > efforts. You are absolutely right, that DRM is indeed "terminal node >> > challenges" (ie. development of rights-enforcing terminals), which is not >> > the traditional area of work for the IETF. >> > >> > However, there some network issues that is part of what I call the "DRM >> > macrocosm", which included functions relating to look-ups, secure network >> > storage, transaction clearinghouse, etc. These would appear to be >> suitable >> > for work items in the IETF. >> >>The way that I've been thinking about this is that DRM tries to solve >>three problems: 1) secure distribution/conditional access, 2) protected >>storage, and 3) output protection. True, #3 is largely about 'terminal >>node challenges', but #1 and #2 largely include distribution architectures >>and supporting systems. I believe that there is room in these areas for >>IETF work. >> >> > Thus, one possible change to IDRM is a new name that is less likely to be >> > controversial. >> >>Couldn't hurt. Even if it doesn't reduce the controversy, it may reduce >>the confusion since DRM is such an overloaded term. If the focus becomes >>protected distribution and protected storage areas, then how about a name >>to describe that as opposed to the output protection area. >> >> >>3) Find specific technical problems that are obstacles to good (i.e. >> >>effective but not Orwellian) DRM, which are going begging, and in scope, >> >>and work on solutions. >> >> >> >>I don't have a top-of-mind suggestion for #3, but it sounds like the >>most >> >>fun! >> >> >>Yes, the keyword is "fun". Perhaps others on the list may have specific >> >>suggestions? >> >>based on what i've worked on before, there are a few things that come to >>mind. there are a few components that must exist in a protected >>distribution/storage environment: secure content objects, content object >>importation system, ACL servers (1 that assigns rights and 1 that can be >>used to lookup rights based on a user, role, or object), authorization >>protocols, etc. >> >>with that said, my two cents is: 'recharter'. >> >>Regards, >>Paul >> >>___________________________ >>Paul Judge, Ph.D. Candidate >>Georgia Tech >>judge@cc.gatech.edu From lisarein@finetuning.com Thu Dec 12 00:38:56 2002 From: lisarein@finetuning.com (Lisa Rein) Date: Wed, 11 Dec 2002 16:38:56 -0800 Subject: [IETF-IDRM] Re: [IDRM] Disband or recharter IDRM? In-Reply-To: <3FFBC907DD03A34CA4410C5C745DEB12E7A178@wnimail.woodsidenet.com> References: <3FFBC907DD03A34CA4410C5C745DEB12E7A178@wnimail.woodsidenet.com> Message-ID: <3DF7DAA0.1020303@finetuning.com> Hi Paul, On the contrary. Business reasons for a specific technology are *exactly* what defines the need for an open interoperable standard. Thanks, Lisa Rein http://www.finetuning.com Paul Lambert wrote: > Perhaps no one has a business reason for this committee and it should be disbanded. > > Business reasons for a specific technology does not guarentee that there is any reason for an open interoperable standard. > > > Paul > > >>-----Original Message----- >>From: Theisen, Isabelle [mailto:Isabelle.Theisen@unistudios.com] >>Sent: Wednesday, December 11, 2002 2:48 PM >>To: 'Thomas Hardjono'; 'ietf-idrm@lists.elistx.com'; >>'glarose@info-mech.com'; 'mbaugher@cisco.com' >>Subject: RE: [IDRM] Disband or recharter IDRM? >> >> >>Please, I do not have a business need for these emails. >>Please, remove from the list. >> >> >>-----Original Message----- >>From: Thomas Hardjono [mailto:thardjono@yahoo.com] >>Sent: Wednesday, December 11, 2002 2:09 PM >>To: Gord Larose >>Cc: ietf-idrm@lists.elistx.com >>Subject: Re: [IDRM] Disband or recharter IDRM? >> >> >>At 12/11/2002||03:16 PM, Gord Larose wrote: >> >>>Hi Thomas, >>>Thanks for the feedback and update. At a high level I agree with you >>>completely. >>> >>>However, at a technical level, "Open source DRM" makes my >> >>brain hurt. It's >> >>>hard enough hide anything in BINARY inside a PC; but like it >> >>or not, that's >> >>>one thing DRM has to do. I should know... the NetActive >> >>technology I was >> >>>largely responsible for addresses exactly that problem. That >> >>technology has >> >>>never, to my knowledge, been publicly cracked... but I doubt >> >>that would have >> >>>been true if we'd published the source ! >> >>Yes, I agree: "open source DRM" makes my brain hurt too :) >>However, this >>seems to be the only way to provide an alternative to proprietary >>technology. In many cases, perhaps the mom-and-pop >>"publisher" does not >>need 100% hack-proof DRM (maybe not even 90% hack-proof), but >>enough to >>discourage non-technical people from trying to break it. >> >> >> >>>And from a business perspective, Mom & Pop businesses already have >>>inexpensive, low-end protection technologies available e.g. from >>>third-party software TBYB wrappers, or via, say, Windows >> >>Media Player DRM. >> >>>The obstacles are more about complexity, churn, supplier >> >>viability, trust, >> >>>and branding, than about cost or availability. >> >>Hmm, I'm not sure I follow here. WMP is only for certain >>types of contents >>(e.g. not books, newspapers, newletters, etc). >> >> >> >> >>>So we'd have to be careful about what the values of such a >> >>system were... if >> >>>we could figure out how it would work ! >>> >>>Here's an entertaining thought: suppose we emphasize TRUST >> >>and CONTINUITY. >> >>>Maybe we could even subvert Palladium and the Fritz Chip to >> >>nobler ends ? >> >>>i.e. a system that WILL, in some sense, robustly protect >> >>content, but WILL >> >>>NOT - as a matter of the supplier's policy - do any of the >> >>things that >> >>>consumers and libertarians rightly fear ? And a further benefit of an >>>open-source (that may not be the right term, maybe >> >>"distributed ownership" >> >>>is better) model could be the continuing availability of the >> >>solution e.g. >> >>>Red Hat may die, but Linux won't. >> >> >>OK, so this is a *very* interesting question. These are the types of >>questions that needs to be discussed in a open forum and >>where pieces of it >>can be standardized (the way many pieces of Linux has been >>standardized). >> >>cheers, >> >>thomas >>------ >> >> >> >> >>>I'm not sure how to do this, but maybe we could figure it out ! >>> >>>Cheers, >>> Gord 8-) >>> >>> >>> >>>----- Original Message ----- >>>From: "Thomas Hardjono" >>>To: ; >>>Sent: Wednesday, December 11, 2002 12:55 PM >>>Subject: Re: [IDRM] Disband or recharter IDRM? >>> >>> >>> >>>>Gord, >>>> >>>>I agree with most of your comments. Judging from the >> >>"emotional outcry" we >> >>>>received at the last IDRM meeting (Salt Lake City IETF, >> >>end of 2001), DRM >> >>>>seems to mean different things to different people. >>>> >>>> >>>>At 12/11/2002||09:23 AM, Gord Larose wrote: >>>> >>>>>Hello: >>>>> Most of you on the list will not know me, as I came >> >>in during your >> >>>period >>> >>>>>of dormancy. I too have been mulling these issues, as >> >>the DRM company >> >>>that >>> >>>>>I helped found (NetActive) struggled like most others in >> >>the space. >> >>>>>I think there are two classes of issues here - the >> >>social-advocacy ones >> >>>>>and the technical ones. >>>>> >>>>>The social-advocacy issues are horribly subjective. The >> >>concerns were >> >>>>>well expressed in Mark's email, and we could spend >> >>thousands of words >> >>>>>debating them. For what it >>>>>is worth, I believe that DRM is not philosophically >> >>wrong, and further, >> >>>that >>> >>>>>it is commercially necessary. However, I do not believe >> >>that the current >> >>>>>"axis of greed" between Hollywood and Washington serves the best >>> >>>interests >>> >>>>>of American citizens and, as a Canadian, I am very >> >>concerned about the >> >>>>>United States' efforts to impose its draconian views of copyright >>>>>enforcement on the rest of the world. >>>>> Good DRM does not have to put Big Brother on your hard >> >>drive. If it >> >>>does, >>> >>>>>then the price is too high. >>>> >>>>Right. So one of the notions we put forward in the IETF >> >>was: is it at all >> >>>>possible to create "open-source DRM technologies", so that small >>>>mom-and-pop publishers need not pay $$$ for proprietary >> >>solutions. The >> >>>>analogy is that with Linux and the Apache webserver, >> >>which are available >> >>>>for around $30. >>>>Another useful comparison in the RSA encryption >> >>algorithm, which is good >> >>>>technology, well understood, standardized and now finally >> >>over the patent >> >>>>hurdle. >>>> >>>>I realize that some folks take the (radical) position of >> >>being against any >> >>>>development of DRM technology whatsoever. The best way >> >>to ensure Big >> >>>>Brother does not happen is to go against any work >> >>relating to DRM. The >> >>>>reality is that DRM Technology is here to stay >> >>(proprietary), whether we >> >>>>like it or not. It will ship inside PCs and in consumer >> >>electronics >> >>>>devices. I think such a position actually helps the Big >> >>Brother syndrome, >> >>>>as it does not provide an option to the general public as >> >>to alternative >> >>>>sources of technology. >>>> >>>> >>>> >>>> >>>>>On a philosophical level then, I say there is a need for >> >>smart people to >> >>>>>build workable DRM that citizens can live with. >>>>> >>>>>The point issue of this technical group's mandate is >> >>much clearer IMO. >> >>>The >>> >>>>>core >>>>>technology challenges for DRM are terminal node >> >>challenges, not network >> >>>>>challenges. Sure, a network is usually involved, but DRM >> >>is nothing >> >>>special >>> >>>>>for the network. DRM's basic network needs are nothing >> >>harder than >> >>>>>http/https over tcp/ip. And the terminal mode challenges >> >>are largely >> >>>about >>> >>>>>things like tamper-resistance, which are proprietary and not very >>> >>>amenable >>> >>>>>to >>>>>standardization. It's not something where an IETF group >> >>adds much value. >> >>>>Right. This is where the word "DRM" is I think a >> >>misnomer for the IETF >> >>>>efforts. You are absolutely right, that DRM is indeed >> >>"terminal node >> >>>>challenges" (ie. development of rights-enforcing >> >>terminals), which is not >> >>>>the traditional area of work for the IETF. >>>> >>>>However, there some network issues that is part of what I >> >>call the "DRM >> >>>>macrocosm", which included functions relating to >> >>look-ups, secure network >> >>>>storage, transaction clearinghouse, etc. These would appear to be >>> >>>suitable >>> >>>>for work items in the IETF. >>>> >>>>Thus, one possible change to IDRM is a new name that is >> >>less likely to be >> >>>>controversial. >>>> >>>> >>>> >>>> >>>>>So where does that leave the group ? Seems to me the >> >>options include: >> >>>>>1) disband >>>>>2) generalize the focus to a multidisciplinary one, >> >>along the lines of >> >>>>>http://www.bcdforum.org . (Though I have to confess I find that >>> >>>organization >>> >>>>>lacking substance.) >>>>>3) Find specific technical problems that are obstacles >> >>to good (i.e. >> >>>>>effective but not Orwellian) DRM, which are going >> >>begging, and in scope, >> >>>>>and work on solutions. >>>>> >>>>>I don't have a top-of-mind suggestion for #3, but it >> >>sounds like the most >> >>>>>fun! >>>> >>>>Yes, the keyword is "fun". Perhaps others on the list >> >>may have specific >> >>>>suggestions? >>>> >>>>cheers, >>>> >>>>thomas >>>>------ >>>> >>>> >>>> >>>> >>>> >>>> >>>>>Other thoughts ??? >>>>> >>>>>Best Regards, >>>>> Gord Larose >>>>> >>>>>----- Original Message ----- >>>>>From: "Mark Baugher" >>>>>To: >>>>>Cc: ; "Vern Paxson" >>>>>Sent: Tuesday, December 10, 2002 6:43 PM >>>>>Subject: [IDRM] Disband or recharter IDRM? >>>>> >>>>> >>>>>>IDRM has obviously been dormant for about a year. >>>>>>SNIP< >>>> > > From rreeder@rightsline.com Thu Dec 12 00:53:54 2002 From: rreeder@rightsline.com (Russell P. Reeder) Date: Wed, 11 Dec 2002 16:53:54 -0800 Subject: [IETF-IDRM] RE: [IDRM] Disband or recharter IDRM? In-Reply-To: <3DF7DAA0.1020303@finetuning.com> Message-ID: I think you are all correct. Yes there is a need, but it is too complex right now to "nail down" any one standard. If Microsoft, Intertrust, IBM, VeriSign Real and Macrovision can't nail down any standards, then who are we to think we can? As my CTO says, "the best thing about standards is that there are so many of them". The key is to find a solution that is not only as secure as possible, but to ensure the delivery solution is interoperable to the existing enterprise applications these companies are using to track what they own so they can monetize their assets and create new business models. But remember, most businesses today, from Disney to Nike, are using Excel and Access or maybe a homegrown FoxPro application to manage what properties they can even deliver. The problem is not in the delivery, they can't even get their products to the loading dock. Russ _____________________________________________________________ Russell P. Reeder President & CEO RightsLine, Inc. 9100 Wilshire Blvd., Suite 520E Beverly Hills, CA 90212 Office 310-281-6434 Fax 310-281-6495 rreeder@rightsline.com -----Original Message----- From: Lisa Rein [mailto:lisarein@finetuning.com] Sent: Wednesday, December 11, 2002 4:39 PM To: Paul Lambert Cc: Theisen, Isabelle; Thomas Hardjono; ietf-idrm@lists.elistx.com; glarose@info-mech.com; mbaugher@cisco.com Subject: Re: [IDRM] Disband or recharter IDRM? Hi Paul, On the contrary. Business reasons for a specific technology are *exactly* what defines the need for an open interoperable standard. Thanks, Lisa Rein http://www.finetuning.com Paul Lambert wrote: > Perhaps no one has a business reason for this committee and it should be disbanded. > > Business reasons for a specific technology does not guarentee that there is any reason for an open interoperable standard. > > > Paul > > >>-----Original Message----- >>From: Theisen, Isabelle [mailto:Isabelle.Theisen@unistudios.com] >>Sent: Wednesday, December 11, 2002 2:48 PM >>To: 'Thomas Hardjono'; 'ietf-idrm@lists.elistx.com'; >>'glarose@info-mech.com'; 'mbaugher@cisco.com' >>Subject: RE: [IDRM] Disband or recharter IDRM? >> >> >>Please, I do not have a business need for these emails. >>Please, remove from the list. >> >> >>-----Original Message----- >>From: Thomas Hardjono [mailto:thardjono@yahoo.com] >>Sent: Wednesday, December 11, 2002 2:09 PM >>To: Gord Larose >>Cc: ietf-idrm@lists.elistx.com >>Subject: Re: [IDRM] Disband or recharter IDRM? >> >> >>At 12/11/2002||03:16 PM, Gord Larose wrote: >> >>>Hi Thomas, >>>Thanks for the feedback and update. At a high level I agree with you >>>completely. >>> >>>However, at a technical level, "Open source DRM" makes my >> >>brain hurt. It's >> >>>hard enough hide anything in BINARY inside a PC; but like it >> >>or not, that's >> >>>one thing DRM has to do. I should know... the NetActive >> >>technology I was >> >>>largely responsible for addresses exactly that problem. That >> >>technology has >> >>>never, to my knowledge, been publicly cracked... but I doubt >> >>that would have >> >>>been true if we'd published the source ! >> >>Yes, I agree: "open source DRM" makes my brain hurt too :) >>However, this >>seems to be the only way to provide an alternative to proprietary >>technology. In many cases, perhaps the mom-and-pop >>"publisher" does not >>need 100% hack-proof DRM (maybe not even 90% hack-proof), but >>enough to >>discourage non-technical people from trying to break it. >> >> >> >>>And from a business perspective, Mom & Pop businesses already have >>>inexpensive, low-end protection technologies available e.g. from >>>third-party software TBYB wrappers, or via, say, Windows >> >>Media Player DRM. >> >>>The obstacles are more about complexity, churn, supplier >> >>viability, trust, >> >>>and branding, than about cost or availability. >> >>Hmm, I'm not sure I follow here. WMP is only for certain >>types of contents >>(e.g. not books, newspapers, newletters, etc). >> >> >> >> >>>So we'd have to be careful about what the values of such a >> >>system were... if >> >>>we could figure out how it would work ! >>> >>>Here's an entertaining thought: suppose we emphasize TRUST >> >>and CONTINUITY. >> >>>Maybe we could even subvert Palladium and the Fritz Chip to >> >>nobler ends ? >> >>>i.e. a system that WILL, in some sense, robustly protect >> >>content, but WILL >> >>>NOT - as a matter of the supplier's policy - do any of the >> >>things that >> >>>consumers and libertarians rightly fear ? And a further benefit of an >>>open-source (that may not be the right term, maybe >> >>"distributed ownership" >> >>>is better) model could be the continuing availability of the >> >>solution e.g. >> >>>Red Hat may die, but Linux won't. >> >> >>OK, so this is a *very* interesting question. These are the types of >>questions that needs to be discussed in a open forum and >>where pieces of it >>can be standardized (the way many pieces of Linux has been >>standardized). >> >>cheers, >> >>thomas >>------ >> >> >> >> >>>I'm not sure how to do this, but maybe we could figure it out ! >>> >>>Cheers, >>> Gord 8-) >>> >>> >>> >>>----- Original Message ----- >>>From: "Thomas Hardjono" >>>To: ; >>>Sent: Wednesday, December 11, 2002 12:55 PM >>>Subject: Re: [IDRM] Disband or recharter IDRM? >>> >>> >>> >>>>Gord, >>>> >>>>I agree with most of your comments. Judging from the >> >>"emotional outcry" we >> >>>>received at the last IDRM meeting (Salt Lake City IETF, >> >>end of 2001), DRM >> >>>>seems to mean different things to different people. >>>> >>>> >>>>At 12/11/2002||09:23 AM, Gord Larose wrote: >>>> >>>>>Hello: >>>>> Most of you on the list will not know me, as I came >> >>in during your >> >>>period >>> >>>>>of dormancy. I too have been mulling these issues, as >> >>the DRM company >> >>>that >>> >>>>>I helped found (NetActive) struggled like most others in >> >>the space. >> >>>>>I think there are two classes of issues here - the >> >>social-advocacy ones >> >>>>>and the technical ones. >>>>> >>>>>The social-advocacy issues are horribly subjective. The >> >>concerns were >> >>>>>well expressed in Mark's email, and we could spend >> >>thousands of words >> >>>>>debating them. For what it >>>>>is worth, I believe that DRM is not philosophically >> >>wrong, and further, >> >>>that >>> >>>>>it is commercially necessary. However, I do not believe >> >>that the current >> >>>>>"axis of greed" between Hollywood and Washington serves the best >>> >>>interests >>> >>>>>of American citizens and, as a Canadian, I am very >> >>concerned about the >> >>>>>United States' efforts to impose its draconian views of copyright >>>>>enforcement on the rest of the world. >>>>> Good DRM does not have to put Big Brother on your hard >> >>drive. If it >> >>>does, >>> >>>>>then the price is too high. >>>> >>>>Right. So one of the notions we put forward in the IETF >> >>was: is it at all >> >>>>possible to create "open-source DRM technologies", so that small >>>>mom-and-pop publishers need not pay $$$ for proprietary >> >>solutions. The >> >>>>analogy is that with Linux and the Apache webserver, >> >>which are available >> >>>>for around $30. >>>>Another useful comparison in the RSA encryption >> >>algorithm, which is good >> >>>>technology, well understood, standardized and now finally >> >>over the patent >> >>>>hurdle. >>>> >>>>I realize that some folks take the (radical) position of >> >>being against any >> >>>>development of DRM technology whatsoever. The best way >> >>to ensure Big >> >>>>Brother does not happen is to go against any work >> >>relating to DRM. The >> >>>>reality is that DRM Technology is here to stay >> >>(proprietary), whether we >> >>>>like it or not. It will ship inside PCs and in consumer >> >>electronics >> >>>>devices. I think such a position actually helps the Big >> >>Brother syndrome, >> >>>>as it does not provide an option to the general public as >> >>to alternative >> >>>>sources of technology. >>>> >>>> >>>> >>>> >>>>>On a philosophical level then, I say there is a need for >> >>smart people to >> >>>>>build workable DRM that citizens can live with. >>>>> >>>>>The point issue of this technical group's mandate is >> >>much clearer IMO. >> >>>The >>> >>>>>core >>>>>technology challenges for DRM are terminal node >> >>challenges, not network >> >>>>>challenges. Sure, a network is usually involved, but DRM >> >>is nothing >> >>>special >>> >>>>>for the network. DRM's basic network needs are nothing >> >>harder than >> >>>>>http/https over tcp/ip. And the terminal mode challenges >> >>are largely >> >>>about >>> >>>>>things like tamper-resistance, which are proprietary and not very >>> >>>amenable >>> >>>>>to >>>>>standardization. It's not something where an IETF group >> >>adds much value. >> >>>>Right. This is where the word "DRM" is I think a >> >>misnomer for the IETF >> >>>>efforts. You are absolutely right, that DRM is indeed >> >>"terminal node >> >>>>challenges" (ie. development of rights-enforcing >> >>terminals), which is not >> >>>>the traditional area of work for the IETF. >>>> >>>>However, there some network issues that is part of what I >> >>call the "DRM >> >>>>macrocosm", which included functions relating to >> >>look-ups, secure network >> >>>>storage, transaction clearinghouse, etc. These would appear to be >>> >>>suitable >>> >>>>for work items in the IETF. >>>> >>>>Thus, one possible change to IDRM is a new name that is >> >>less likely to be >> >>>>controversial. >>>> >>>> >>>> >>>> >>>>>So where does that leave the group ? Seems to me the >> >>options include: >> >>>>>1) disband >>>>>2) generalize the focus to a multidisciplinary one, >> >>along the lines of >> >>>>>http://www.bcdforum.org . (Though I have to confess I find that >>> >>>organization >>> >>>>>lacking substance.) >>>>>3) Find specific technical problems that are obstacles >> >>to good (i.e. >> >>>>>effective but not Orwellian) DRM, which are going >> >>begging, and in scope, >> >>>>>and work on solutions. >>>>> >>>>>I don't have a top-of-mind suggestion for #3, but it >> >>sounds like the most >> >>>>>fun! >>>> >>>>Yes, the keyword is "fun". Perhaps others on the list >> >>may have specific >> >>>>suggestions? >>>> >>>>cheers, >>>> >>>>thomas >>>>------ >>>> >>>> >>>> >>>> >>>> >>>> >>>>>Other thoughts ??? >>>>> >>>>>Best Regards, >>>>> Gord Larose >>>>> >>>>>----- Original Message ----- >>>>>From: "Mark Baugher" >>>>>To: >>>>>Cc: ; "Vern Paxson" >>>>>Sent: Tuesday, December 10, 2002 6:43 PM >>>>>Subject: [IDRM] Disband or recharter IDRM? >>>>> >>>>> >>>>>>IDRM has obviously been dormant for about a year. >>>>>>SNIP< >>>> > > From PaulLambert@AirgoNetworks.Com Thu Dec 12 01:07:18 2002 From: PaulLambert@AirgoNetworks.Com (Paul Lambert) Date: Wed, 11 Dec 2002 17:07:18 -0800 Subject: [IETF-IDRM] RE: [IDRM] Disband or recharter IDRM? Message-ID: <3FFBC907DD03A34CA4410C5C745DEB12E7A17A@wnimail.woodsidenet.com> Yes ... there are business needs for DRM, but vendors that field DRM = solutions are not compelled to make them a 'open' standard. DRM, whe= n used for content protection is an exclusionary technology that prov= ides no incentive to create open standards. DRM is a very broad topic. The politically exciting areas of file sh= aring and 'protecting' audio or video content are not a good places t= o create a 'research group'. What you need is a business reason for groups to cooperate. DRM (fro= m content providers) forces a usage model on end-systems that does no= t expect or require cooperation. Proprietary and patented technologi= es are an advantage because they are harder to reverse engineer and t= he patents are part of licensing policies that protect the implementa= tions. An irtf research group should not be just a discussion forum. Real p= roblems should be solved. For a work area to be successful, the focus must be clear. There are= problems that could be solved by DRM-ish technologies. For example,= spam filters could be improved with 'digital rights management' tech= nologies. However, this type of work would be more focused and succe= ssful as an anti-spam research group than a DRM task. DRM is a very overloaded and heavily patented term. Fairly simple co= ncepts of key management and public key based signatures have been co= nverted into patented techniques for DRM. The identical techniques w= ere used for secure messaging in the late 80's. The patent issues al= one are a good reason to kill the working group and start specific fo= cused efforts on solving specific problems. =20 Paul > -----Original Message----- > From: Lisa Rein [mailto:lisarein@finetuning.com] > Sent: Wednesday, December 11, 2002 4:39 PM > To: Paul Lambert > Cc: Theisen, Isabelle; Thomas Hardjono; ietf-idrm@lists.elistx.com; > glarose@info-mech.com; mbaugher@cisco.com > Subject: Re: [IDRM] Disband or recharter IDRM? >=20 >=20 > Hi Paul, >=20 > On the contrary. Business reasons for a specific technology are= =20 > *exactly* what defines the need for an open interoperable standard. >=20 > Thanks, >=20 > Lisa Rein >=20 > http://www.finetuning.com >=20 > Paul Lambert wrote: >=20 > > Perhaps no one has a business reason for this committee and=20 > it should be disbanded.=20 > >=20 > > Business reasons for a specific technology does not=20 > guarentee that there is any reason for an open interoperable standa= rd. > >=20 > >=20 > > Paul > >=20 > >=20 > >>-----Original Message----- > >>From: Theisen, Isabelle [mailto:Isabelle.Theisen@unistudios.com] > >>Sent: Wednesday, December 11, 2002 2:48 PM > >>To: 'Thomas Hardjono'; 'ietf-idrm@lists.elistx.com'; > >>'glarose@info-mech.com'; 'mbaugher@cisco.com' > >>Subject: RE: [IDRM] Disband or recharter IDRM? > >> > >> > >>Please, I do not have a business need for these emails.=20 > >>Please, remove from the list. > >> > >> > >>-----Original Message----- > >>From: Thomas Hardjono [mailto:thardjono@yahoo.com] > >>Sent: Wednesday, December 11, 2002 2:09 PM > >>To: Gord Larose > >>Cc: ietf-idrm@lists.elistx.com > >>Subject: Re: [IDRM] Disband or recharter IDRM? > >> > >> > >>At 12/11/2002||03:16 PM, Gord Larose wrote: > >> > >>>Hi Thomas, > >>>Thanks for the feedback and update. At a high level I=20 > agree with you > >>>completely. > >>> > >>>However, at a technical level, "Open source DRM" makes my=20 > >> > >>brain hurt. It's > >> > >>>hard enough hide anything in BINARY inside a PC; but like it= =20 > >> > >>or not, that's > >> > >>>one thing DRM has to do. I should know... the NetActive=20 > >> > >>technology I was > >> > >>>largely responsible for addresses exactly that problem. That= =20 > >> > >>technology has > >> > >>>never, to my knowledge, been publicly cracked... but I doubt= =20 > >> > >>that would have > >> > >>>been true if we'd published the source ! > >> > >>Yes, I agree: "open source DRM" makes my brain hurt too :) =20 > >>However, this=20 > >>seems to be the only way to provide an alternative to proprietary= =20 > >>technology. In many cases, perhaps the mom-and-pop=20 > >>"publisher" does not=20 > >>need 100% hack-proof DRM (maybe not even 90% hack-proof), but= =20 > >>enough to=20 > >>discourage non-technical people from trying to break it. > >> > >> > >> > >>>And from a business perspective, Mom & Pop businesses already ha= ve > >>>inexpensive, low-end protection technologies available e.g. fro= m > >>>third-party software TBYB wrappers, or via, say, Windows=20 > >> > >>Media Player DRM. > >> > >>>The obstacles are more about complexity, churn, supplier=20 > >> > >>viability, trust, > >> > >>>and branding, than about cost or availability. > >> > >>Hmm, I'm not sure I follow here. WMP is only for certain=20 > >>types of contents=20 > >>(e.g. not books, newspapers, newletters, etc). > >> > >> > >> > >> > >>>So we'd have to be careful about what the values of such a=20 > >> > >>system were... if > >> > >>>we could figure out how it would work ! > >>> > >>>Here's an entertaining thought: suppose we emphasize TRUST=20 > >> > >>and CONTINUITY. > >> > >>>Maybe we could even subvert Palladium and the Fritz Chip to=20 > >> > >>nobler ends ? > >> > >>>i.e. a system that WILL, in some sense, robustly protect=20 > >> > >>content, but WILL > >> > >>>NOT - as a matter of the supplier's policy - do any of the= =20 > >> > >>things that > >> > >>>consumers and libertarians rightly fear ? And a further=20 > benefit of an > >>>open-source (that may not be the right term, maybe=20 > >> > >>"distributed ownership" > >> > >>>is better) model could be the continuing availability of the= =20 > >> > >>solution e.g. > >> > >>>Red Hat may die, but Linux won't. > >> > >> > >>OK, so this is a *very* interesting question. These are=20 > the types of=20 > >>questions that needs to be discussed in a open forum and=20 > >>where pieces of it=20 > >>can be standardized (the way many pieces of Linux has been=20 > >>standardized). > >> > >>cheers, > >> > >>thomas > >>------ > >> > >> > >> > >> > >>>I'm not sure how to do this, but maybe we could figure it out ! > >>> > >>>Cheers, > >>> Gord 8-) > >>> > >>> > >>> > >>>----- Original Message ----- > >>>From: "Thomas Hardjono" > >>>To: ; > >>>Sent: Wednesday, December 11, 2002 12:55 PM > >>>Subject: Re: [IDRM] Disband or recharter IDRM? > >>> > >>> > >>> > >>>>Gord, > >>>> > >>>>I agree with most of your comments. Judging from the=20 > >> > >>"emotional outcry" we > >> > >>>>received at the last IDRM meeting (Salt Lake City IETF,=20 > >> > >>end of 2001), DRM > >> > >>>>seems to mean different things to different people. > >>>> > >>>> > >>>>At 12/11/2002||09:23 AM, Gord Larose wrote: > >>>> > >>>>>Hello: > >>>>> Most of you on the list will not know me, as I came=20 > >> > >>in during your > >> > >>>period > >>> > >>>>>of dormancy. I too have been mulling these issues, as=20 > >> > >>the DRM company > >> > >>>that > >>> > >>>>>I helped found (NetActive) struggled like most others in=20 > >> > >>the space. > >> > >>>>>I think there are two classes of issues here - the=20 > >> > >>social-advocacy ones > >> > >>>>>and the technical ones. > >>>>> > >>>>>The social-advocacy issues are horribly subjective. The=20 > >> > >>concerns were > >> > >>>>>well expressed in Mark's email, and we could spend=20 > >> > >>thousands of words > >> > >>>>>debating them. For what it > >>>>>is worth, I believe that DRM is not philosophically=20 > >> > >>wrong, and further, > >> > >>>that > >>> > >>>>>it is commercially necessary. However, I do not believe=20 > >> > >>that the current > >> > >>>>>"axis of greed" between Hollywood and Washington serves the be= st > >>> > >>>interests > >>> > >>>>>of American citizens and, as a Canadian, I am very=20 > >> > >>concerned about the > >> > >>>>>United States' efforts to impose its draconian views of copyri= ght > >>>>>enforcement on the rest of the world. > >>>>> Good DRM does not have to put Big Brother on your hard=20 > >> > >>drive. If it > >> > >>>does, > >>> > >>>>>then the price is too high. > >>>> > >>>>Right. So one of the notions we put forward in the IETF=20 > >> > >>was: is it at all > >> > >>>>possible to create "open-source DRM technologies", so that smal= l > >>>>mom-and-pop publishers need not pay $$$ for proprietary=20 > >> > >>solutions. The > >> > >>>>analogy is that with Linux and the Apache webserver,=20 > >> > >>which are available > >> > >>>>for around $30. > >>>>Another useful comparison in the RSA encryption=20 > >> > >>algorithm, which is good > >> > >>>>technology, well understood, standardized and now finally=20 > >> > >>over the patent > >> > >>>>hurdle. > >>>> > >>>>I realize that some folks take the (radical) position of=20 > >> > >>being against any > >> > >>>>development of DRM technology whatsoever. The best way=20 > >> > >>to ensure Big > >> > >>>>Brother does not happen is to go against any work=20 > >> > >>relating to DRM. The > >> > >>>>reality is that DRM Technology is here to stay=20 > >> > >>(proprietary), whether we > >> > >>>>like it or not. It will ship inside PCs and in consumer=20 > >> > >>electronics > >> > >>>>devices. I think such a position actually helps the Big=20 > >> > >>Brother syndrome, > >> > >>>>as it does not provide an option to the general public as=20 > >> > >>to alternative > >> > >>>>sources of technology. > >>>> > >>>> > >>>> > >>>> > >>>>>On a philosophical level then, I say there is a need for=20 > >> > >>smart people to > >> > >>>>>build workable DRM that citizens can live with. > >>>>> > >>>>>The point issue of this technical group's mandate is=20 > >> > >>much clearer IMO. > >> > >>>The > >>> > >>>>>core > >>>>>technology challenges for DRM are terminal node=20 > >> > >>challenges, not network > >> > >>>>>challenges. Sure, a network is usually involved, but DRM=20 > >> > >>is nothing > >> > >>>special > >>> > >>>>>for the network. DRM's basic network needs are nothing=20 > >> > >>harder than > >> > >>>>>http/https over tcp/ip. And the terminal mode challenges=20 > >> > >>are largely > >> > >>>about > >>> > >>>>>things like tamper-resistance, which are proprietary and not v= ery > >>> > >>>amenable > >>> > >>>>>to > >>>>>standardization. It's not something where an IETF group=20 > >> > >>adds much value. > >> > >>>>Right. This is where the word "DRM" is I think a=20 > >> > >>misnomer for the IETF > >> > >>>>efforts. You are absolutely right, that DRM is indeed=20 > >> > >>"terminal node > >> > >>>>challenges" (ie. development of rights-enforcing=20 > >> > >>terminals), which is not > >> > >>>>the traditional area of work for the IETF. > >>>> > >>>>However, there some network issues that is part of what I=20 > >> > >>call the "DRM > >> > >>>>macrocosm", which included functions relating to=20 > >> > >>look-ups, secure network > >> > >>>>storage, transaction clearinghouse, etc. These would appear to= be > >>> > >>>suitable > >>> > >>>>for work items in the IETF. > >>>> > >>>>Thus, one possible change to IDRM is a new name that is=20 > >> > >>less likely to be > >> > >>>>controversial. > >>>> > >>>> > >>>> > >>>> > >>>>>So where does that leave the group ? Seems to me the=20 > >> > >>options include: > >> > >>>>>1) disband > >>>>>2) generalize the focus to a multidisciplinary one,=20 > >> > >>along the lines of > >> > >>>>>http://www.bcdforum.org . (Though I have to confess I find tha= t > >>> > >>>organization > >>> > >>>>>lacking substance.) > >>>>>3) Find specific technical problems that are obstacles=20 > >> > >>to good (i.e. > >> > >>>>>effective but not Orwellian) DRM, which are going=20 > >> > >>begging, and in scope, > >> > >>>>>and work on solutions. > >>>>> > >>>>>I don't have a top-of-mind suggestion for #3, but it=20 > >> > >>sounds like the most > >> > >>>>>fun! > >>>> > >>>>Yes, the keyword is "fun". Perhaps others on the list=20 > >> > >>may have specific > >> > >>>>suggestions? > >>>> > >>>>cheers, > >>>> > >>>>thomas > >>>>------ > >>>> > >>>> > >>>> > >>>> > >>>> > >>>> > >>>>>Other thoughts ??? > >>>>> > >>>>>Best Regards, > >>>>> Gord Larose > >>>>> > >>>>>----- Original Message ----- > >>>>>From: "Mark Baugher" > >>>>>To: > >>>>>Cc: ; "Vern Paxson" > >>>>>Sent: Tuesday, December 10, 2002 6:43 PM > >>>>>Subject: [IDRM] Disband or recharter IDRM? > >>>>> > >>>>> > >>>>>>IDRM has obviously been dormant for about a year. > >>>>>>SNIP< > >>>> > >=20 > >=20 >=20 >=20 From PaulLambert@AirgoNetworks.Com Thu Dec 12 01:16:42 2002 From: PaulLambert@AirgoNetworks.Com (Paul Lambert) Date: Wed, 11 Dec 2002 17:16:42 -0800 Subject: [IETF-IDRM] RE: [IDRM] Disband or recharter IDRM? Message-ID: <3FFBC907DD03A34CA4410C5C745DEB12E7A17B@wnimail.woodsidenet.com> > Just so we are all on the same page, a stated "business reason" is= not=20 > among the criteria used to establish and guide an Internet Research= Task=20 > Force (IRTF) Research Group such as IDRM=20 There needs to be some reason for the community at large to participa= te. =20 > Force (IRTF) Research Group such as IDRM=20 > (ftp://ftp.rfc-editor.org/in-notes/rfc2014.txt) Which says: The products of a Research Group are research results that may be disseminated by publication in scholarly journ= als and conferences, as white papers for the community, as Information= al RFCs, and so on. In addition, it is expected that technologies developed in a Research Group will be brought to the IETF as input= to IETF Working Group(s) for possible standardization. It does not say 'discussion forum'. What are the specific work produ= cts for this group? Paul > -----Original Message----- > From: Mark Baugher [mailto:mbaugher@cisco.com] > Sent: Wednesday, December 11, 2002 3:22 PM > To: Paul Lambert > Cc: ietf-idrm@lists.elistx.com > Subject: RE: [IDRM] Disband or recharter IDRM? >=20 >=20 > At 02:57 PM 12/11/2002 -0800, Paul Lambert wrote: >=20 > > > Please, I do not have a business need for these emails. > > > >Perhaps no one has a business reason for this committee and=20 > it should be=20 > >disbanded. >=20 > Just so we are all on the same page, a stated "business=20 > reason" is not=20 > among the criteria used to establish and guide an Internet=20 > Research Task=20 > Force (IRTF) Research Group such as IDRM=20 > (ftp://ftp.rfc-editor.org/in-notes/rfc2014.txt) >=20 > Mark >=20 >=20 > >Business reasons for a specific technology does not=20 > guarentee that there=20 > >is any reason for an open interoperable standard. > > > > > >Paul > > > > > -----Original Message----- > > > From: Theisen, Isabelle [mailto:Isabelle.Theisen@unistudios.com= ] > > > Sent: Wednesday, December 11, 2002 2:48 PM > > > To: 'Thomas Hardjono'; 'ietf-idrm@lists.elistx.com'; > > > 'glarose@info-mech.com'; 'mbaugher@cisco.com' > > > Subject: RE: [IDRM] Disband or recharter IDRM? > > > > > > > > > Please, I do not have a business need for these emails. > > > Please, remove from the list. > > > > > > > > > -----Original Message----- > > > From: Thomas Hardjono [mailto:thardjono@yahoo.com] > > > Sent: Wednesday, December 11, 2002 2:09 PM > > > To: Gord Larose > > > Cc: ietf-idrm@lists.elistx.com > > > Subject: Re: [IDRM] Disband or recharter IDRM? > > > > > > > > > At 12/11/2002||03:16 PM, Gord Larose wrote: > > > >Hi Thomas, > > > >Thanks for the feedback and update. At a high level I=20 > agree with you > > > >completely. > > > > > > > >However, at a technical level, "Open source DRM" makes my > > > brain hurt. It's > > > >hard enough hide anything in BINARY inside a PC; but like it > > > or not, that's > > > >one thing DRM has to do. I should know... the NetActive > > > technology I was > > > >largely responsible for addresses exactly that problem. That > > > technology has > > > >never, to my knowledge, been publicly cracked... but I doubt > > > that would have > > > >been true if we'd published the source ! > > > > > > Yes, I agree: "open source DRM" makes my brain hurt too :) > > > However, this > > > seems to be the only way to provide an alternative to proprieta= ry > > > technology. In many cases, perhaps the mom-and-pop > > > "publisher" does not > > > need 100% hack-proof DRM (maybe not even 90% hack-proof), but > > > enough to > > > discourage non-technical people from trying to break it. > > > > > > > > > >And from a business perspective, Mom & Pop businesses=20 > already have > > > >inexpensive, low-end protection technologies available e.g. f= rom > > > >third-party software TBYB wrappers, or via, say, Windows > > > Media Player DRM. > > > >The obstacles are more about complexity, churn, supplier > > > viability, trust, > > > >and branding, than about cost or availability. > > > > > > Hmm, I'm not sure I follow here. WMP is only for certain > > > types of contents > > > (e.g. not books, newspapers, newletters, etc). > > > > > > > > > > > > >So we'd have to be careful about what the values of such a > > > system were... if > > > >we could figure out how it would work ! > > > > > > > >Here's an entertaining thought: suppose we emphasize TRUST > > > and CONTINUITY. > > > >Maybe we could even subvert Palladium and the Fritz Chip to > > > nobler ends ? > > > >i.e. a system that WILL, in some sense, robustly protect > > > content, but WILL > > > >NOT - as a matter of the supplier's policy - do any of the > > > things that > > > >consumers and libertarians rightly fear ? And a further=20 > benefit of an > > > >open-source (that may not be the right term, maybe > > > "distributed ownership" > > > >is better) model could be the continuing availability of the > > > solution e.g. > > > >Red Hat may die, but Linux won't. > > > > > > > > > OK, so this is a *very* interesting question. These are=20 > the types of > > > questions that needs to be discussed in a open forum and > > > where pieces of it > > > can be standardized (the way many pieces of Linux has been > > > standardized). > > > > > > cheers, > > > > > > thomas > > > ------ > > > > > > > > > > > > >I'm not sure how to do this, but maybe we could figure it out = ! > > > > > > > >Cheers, > > > > Gord 8-) > > > > > > > > > > > > > > > >----- Original Message ----- > > > >From: "Thomas Hardjono" > > > >To: ; > > > >Sent: Wednesday, December 11, 2002 12:55 PM > > > >Subject: Re: [IDRM] Disband or recharter IDRM? > > > > > > > > > > > > > > > > > > Gord, > > > > > > > > > > I agree with most of your comments. Judging from the > > > "emotional outcry" we > > > > > received at the last IDRM meeting (Salt Lake City IETF, > > > end of 2001), DRM > > > > > seems to mean different things to different people. > > > > > > > > > > > > > > > At 12/11/2002||09:23 AM, Gord Larose wrote: > > > > > >Hello: > > > > > > Most of you on the list will not know me, as I came > > > in during your > > > >period > > > > > >of dormancy. I too have been mulling these issues, as > > > the DRM company > > > >that > > > > > >I helped found (NetActive) struggled like most others in > > > the space. > > > > > > > > > > > >I think there are two classes of issues here - the > > > social-advocacy ones > > > > > >and the technical ones. > > > > > > > > > > > >The social-advocacy issues are horribly subjective. The > > > concerns were > > > > > >well expressed in Mark's email, and we could spend > > > thousands of words > > > > > >debating them. For what it > > > > > >is worth, I believe that DRM is not philosophically > > > wrong, and further, > > > >that > > > > > >it is commercially necessary. However, I do not believe > > > that the current > > > > > >"axis of greed" between Hollywood and Washington=20 > serves the best > > > >interests > > > > > >of American citizens and, as a Canadian, I am very > > > concerned about the > > > > > >United States' efforts to impose its draconian views=20 > of copyright > > > > > >enforcement on the rest of the world. > > > > > > Good DRM does not have to put Big Brother on your hard > > > drive. If it > > > >does, > > > > > >then the price is too high. > > > > > > > > > > Right. So one of the notions we put forward in the IETF > > > was: is it at all > > > > > possible to create "open-source DRM technologies", so=20 > that small > > > > > mom-and-pop publishers need not pay $$$ for proprietary > > > solutions. The > > > > > analogy is that with Linux and the Apache webserver, > > > which are available > > > > > for around $30. > > > > > Another useful comparison in the RSA encryption > > > algorithm, which is good > > > > > technology, well understood, standardized and now finally > > > over the patent > > > > > hurdle. > > > > > > > > > > I realize that some folks take the (radical) position of > > > being against any > > > > > development of DRM technology whatsoever. The best way > > > to ensure Big > > > > > Brother does not happen is to go against any work > > > relating to DRM. The > > > > > reality is that DRM Technology is here to stay > > > (proprietary), whether we > > > > > like it or not. It will ship inside PCs and in consumer > > > electronics > > > > > devices. I think such a position actually helps the Big > > > Brother syndrome, > > > > > as it does not provide an option to the general public as > > > to alternative > > > > > sources of technology. > > > > > > > > > > > > > > > > > > > > >On a philosophical level then, I say there is a need for > > > smart people to > > > > > >build workable DRM that citizens can live with. > > > > > > > > > > > >The point issue of this technical group's mandate is > > > much clearer IMO. > > > >The > > > > > >core > > > > > >technology challenges for DRM are terminal node > > > challenges, not network > > > > > >challenges. Sure, a network is usually involved, but DRM > > > is nothing > > > >special > > > > > >for the network. DRM's basic network needs are nothing > > > harder than > > > > > >http/https over tcp/ip. And the terminal mode challenges > > > are largely > > > >about > > > > > >things like tamper-resistance, which are proprietary=20 > and not very > > > >amenable > > > > > >to > > > > > >standardization. It's not something where an IETF group > > > adds much value. > > > > > > > > > > Right. This is where the word "DRM" is I think a > > > misnomer for the IETF > > > > > efforts. You are absolutely right, that DRM is indeed > > > "terminal node > > > > > challenges" (ie. development of rights-enforcing > > > terminals), which is not > > > > > the traditional area of work for the IETF. > > > > > > > > > > However, there some network issues that is part of what I > > > call the "DRM > > > > > macrocosm", which included functions relating to > > > look-ups, secure network > > > > > storage, transaction clearinghouse, etc. These would=20 > appear to be > > > >suitable > > > > > for work items in the IETF. > > > > > > > > > > Thus, one possible change to IDRM is a new name that is > > > less likely to be > > > > > controversial. > > > > > > > > > > > > > > > > > > > > >So where does that leave the group ? Seems to me the > > > options include: > > > > > >1) disband > > > > > >2) generalize the focus to a multidisciplinary one, > > > along the lines of > > > > > >http://www.bcdforum.org . (Though I have to confess=20 > I find that > > > >organization > > > > > >lacking substance.) > > > > > >3) Find specific technical problems that are obstacles > > > to good (i.e. > > > > > >effective but not Orwellian) DRM, which are going > > > begging, and in scope, > > > > > >and work on solutions. > > > > > > > > > > > >I don't have a top-of-mind suggestion for #3, but it > > > sounds like the most > > > > > >fun! > > > > > > > > > > Yes, the keyword is "fun". Perhaps others on the list > > > may have specific > > > > > suggestions? > > > > > > > > > > cheers, > > > > > > > > > > thomas > > > > > ------ > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > >Other thoughts ??? > > > > > > > > > > > >Best Regards, > > > > > > Gord Larose > > > > > > > > > > > >----- Original Message ----- > > > > > >From: "Mark Baugher" > > > > > >To: > > > > > >Cc: ; "Vern Paxson" > > > > > >Sent: Tuesday, December 10, 2002 6:43 PM > > > > > >Subject: [IDRM] Disband or recharter IDRM? > > > > > > > > > > > > > IDRM has obviously been dormant for about a year. > > > > > > >SNIP< > > > > > > > > >=20 From mbaugher@cisco.com Thu Dec 12 01:25:56 2002 From: mbaugher@cisco.com (Mark Baugher) Date: Wed, 11 Dec 2002 17:25:56 -0800 Subject: [IETF-IDRM] RE: [IDRM] Disband or recharter IDRM? In-Reply-To: <3FFBC907DD03A34CA4410C5C745DEB12E7A17B@wnimail.woodsidenet.com> Message-ID: <5.1.1.5.2.20021211172454.0846eeb0@mira-sjc5-6.cisco.com> Paul www.irtf.org is the main page from which you can navigate to the IDRM page, which is where the RG deliverables are described. Mark At 05:16 PM 12/11/2002 -0800, Paul Lambert wrote: > > Just so we are all on the same page, a stated "business reason" is not > > among the criteria used to establish and guide an Internet Research Task > > Force (IRTF) Research Group such as IDRM > >There needs to be some reason for the community at large to participate. > > > Force (IRTF) Research Group such as IDRM > > (ftp://ftp.rfc-editor.org/in-notes/rfc2014.txt) > > >Which says: > > The products of a Research Group are research > results that may be disseminated by publication in scholarly journals > and conferences, as white papers for the community, as Informational > RFCs, and so on. In addition, it is expected that technologies > developed in a Research Group will be brought to the IETF as input to > IETF Working Group(s) for possible standardization. > >It does not say 'discussion forum'. What are the specific work products >for this group? > > >Paul > > > -----Original Message----- > > From: Mark Baugher [mailto:mbaugher@cisco.com] > > Sent: Wednesday, December 11, 2002 3:22 PM > > To: Paul Lambert > > Cc: ietf-idrm@lists.elistx.com > > Subject: RE: [IDRM] Disband or recharter IDRM? > > > > > > At 02:57 PM 12/11/2002 -0800, Paul Lambert wrote: > > > > > > Please, I do not have a business need for these emails. > > > > > >Perhaps no one has a business reason for this committee and > > it should be > > >disbanded. > > > > Just so we are all on the same page, a stated "business > > reason" is not > > among the criteria used to establish and guide an Internet > > Research Task > > Force (IRTF) Research Group such as IDRM > > (ftp://ftp.rfc-editor.org/in-notes/rfc2014.txt) > > > > Mark > > > > > > >Business reasons for a specific technology does not > > guarentee that there > > >is any reason for an open interoperable standard. > > > > > > > > >Paul > > > > > > > -----Original Message----- > > > > From: Theisen, Isabelle [mailto:Isabelle.Theisen@unistudios.com] > > > > Sent: Wednesday, December 11, 2002 2:48 PM > > > > To: 'Thomas Hardjono'; 'ietf-idrm@lists.elistx.com'; > > > > 'glarose@info-mech.com'; 'mbaugher@cisco.com' > > > > Subject: RE: [IDRM] Disband or recharter IDRM? > > > > > > > > > > > > Please, I do not have a business need for these emails. > > > > Please, remove from the list. > > > > > > > > > > > > -----Original Message----- > > > > From: Thomas Hardjono [mailto:thardjono@yahoo.com] > > > > Sent: Wednesday, December 11, 2002 2:09 PM > > > > To: Gord Larose > > > > Cc: ietf-idrm@lists.elistx.com > > > > Subject: Re: [IDRM] Disband or recharter IDRM? > > > > > > > > > > > > At 12/11/2002||03:16 PM, Gord Larose wrote: > > > > >Hi Thomas, > > > > >Thanks for the feedback and update. At a high level I > > agree with you > > > > >completely. > > > > > > > > > >However, at a technical level, "Open source DRM" makes my > > > > brain hurt. It's > > > > >hard enough hide anything in BINARY inside a PC; but like it > > > > or not, that's > > > > >one thing DRM has to do. I should know... the NetActive > > > > technology I was > > > > >largely responsible for addresses exactly that problem. That > > > > technology has > > > > >never, to my knowledge, been publicly cracked... but I doubt > > > > that would have > > > > >been true if we'd published the source ! > > > > > > > > Yes, I agree: "open source DRM" makes my brain hurt too :) > > > > However, this > > > > seems to be the only way to provide an alternative to proprietary > > > > technology. In many cases, perhaps the mom-and-pop > > > > "publisher" does not > > > > need 100% hack-proof DRM (maybe not even 90% hack-proof), but > > > > enough to > > > > discourage non-technical people from trying to break it. > > > > > > > > > > > > >And from a business perspective, Mom & Pop businesses > > already have > > > > >inexpensive, low-end protection technologies available e.g. from > > > > >third-party software TBYB wrappers, or via, say, Windows > > > > Media Player DRM. > > > > >The obstacles are more about complexity, churn, supplier > > > > viability, trust, > > > > >and branding, than about cost or availability. > > > > > > > > Hmm, I'm not sure I follow here. WMP is only for certain > > > > types of contents > > > > (e.g. not books, newspapers, newletters, etc). > > > > > > > > > > > > > > > > >So we'd have to be careful about what the values of such a > > > > system were... if > > > > >we could figure out how it would work ! > > > > > > > > > >Here's an entertaining thought: suppose we emphasize TRUST > > > > and CONTINUITY. > > > > >Maybe we could even subvert Palladium and the Fritz Chip to > > > > nobler ends ? > > > > >i.e. a system that WILL, in some sense, robustly protect > > > > content, but WILL > > > > >NOT - as a matter of the supplier's policy - do any of the > > > > things that > > > > >consumers and libertarians rightly fear ? And a further > > benefit of an > > > > >open-source (that may not be the right term, maybe > > > > "distributed ownership" > > > > >is better) model could be the continuing availability of the > > > > solution e.g. > > > > >Red Hat may die, but Linux won't. > > > > > > > > > > > > OK, so this is a *very* interesting question. These are > > the types of > > > > questions that needs to be discussed in a open forum and > > > > where pieces of it > > > > can be standardized (the way many pieces of Linux has been > > > > standardized). > > > > > > > > cheers, > > > > > > > > thomas > > > > ------ > > > > > > > > > > > > > > > > >I'm not sure how to do this, but maybe we could figure it out ! > > > > > > > > > >Cheers, > > > > > Gord 8-) > > > > > > > > > > > > > > > > > > > >----- Original Message ----- > > > > >From: "Thomas Hardjono" > > > > >To: ; > > > > >Sent: Wednesday, December 11, 2002 12:55 PM > > > > >Subject: Re: [IDRM] Disband or recharter IDRM? > > > > > > > > > > > > > > > > > > > > > > Gord, > > > > > > > > > > > > I agree with most of your comments. Judging from the > > > > "emotional outcry" we > > > > > > received at the last IDRM meeting (Salt Lake City IETF, > > > > end of 2001), DRM > > > > > > seems to mean different things to different people. > > > > > > > > > > > > > > > > > > At 12/11/2002||09:23 AM, Gord Larose wrote: > > > > > > >Hello: > > > > > > > Most of you on the list will not know me, as I came > > > > in during your > > > > >period > > > > > > >of dormancy. I too have been mulling these issues, as > > > > the DRM company > > > > >that > > > > > > >I helped found (NetActive) struggled like most others in > > > > the space. > > > > > > > > > > > > > >I think there are two classes of issues here - the > > > > social-advocacy ones > > > > > > >and the technical ones. > > > > > > > > > > > > > >The social-advocacy issues are horribly subjective. The > > > > concerns were > > > > > > >well expressed in Mark's email, and we could spend > > > > thousands of words > > > > > > >debating them. For what it > > > > > > >is worth, I believe that DRM is not philosophically > > > > wrong, and further, > > > > >that > > > > > > >it is commercially necessary. However, I do not believe > > > > that the current > > > > > > >"axis of greed" between Hollywood and Washington > > serves the best > > > > >interests > > > > > > >of American citizens and, as a Canadian, I am very > > > > concerned about the > > > > > > >United States' efforts to impose its draconian views > > of copyright > > > > > > >enforcement on the rest of the world. > > > > > > > Good DRM does not have to put Big Brother on your hard > > > > drive. If it > > > > >does, > > > > > > >then the price is too high. > > > > > > > > > > > > Right. So one of the notions we put forward in the IETF > > > > was: is it at all > > > > > > possible to create "open-source DRM technologies", so > > that small > > > > > > mom-and-pop publishers need not pay $$$ for proprietary > > > > solutions. The > > > > > > analogy is that with Linux and the Apache webserver, > > > > which are available > > > > > > for around $30. > > > > > > Another useful comparison in the RSA encryption > > > > algorithm, which is good > > > > > > technology, well understood, standardized and now finally > > > > over the patent > > > > > > hurdle. > > > > > > > > > > > > I realize that some folks take the (radical) position of > > > > being against any > > > > > > development of DRM technology whatsoever. The best way > > > > to ensure Big > > > > > > Brother does not happen is to go against any work > > > > relating to DRM. The > > > > > > reality is that DRM Technology is here to stay > > > > (proprietary), whether we > > > > > > like it or not. It will ship inside PCs and in consumer > > > > electronics > > > > > > devices. I think such a position actually helps the Big > > > > Brother syndrome, > > > > > > as it does not provide an option to the general public as > > > > to alternative > > > > > > sources of technology. > > > > > > > > > > > > > > > > > > > > > > > > >On a philosophical level then, I say there is a need for > > > > smart people to > > > > > > >build workable DRM that citizens can live with. > > > > > > > > > > > > > >The point issue of this technical group's mandate is > > > > much clearer IMO. > > > > >The > > > > > > >core > > > > > > >technology challenges for DRM are terminal node > > > > challenges, not network > > > > > > >challenges. Sure, a network is usually involved, but DRM > > > > is nothing > > > > >special > > > > > > >for the network. DRM's basic network needs are nothing > > > > harder than > > > > > > >http/https over tcp/ip. And the terminal mode challenges > > > > are largely > > > > >about > > > > > > >things like tamper-resistance, which are proprietary > > and not very > > > > >amenable > > > > > > >to > > > > > > >standardization. It's not something where an IETF group > > > > adds much value. > > > > > > > > > > > > Right. This is where the word "DRM" is I think a > > > > misnomer for the IETF > > > > > > efforts. You are absolutely right, that DRM is indeed > > > > "terminal node > > > > > > challenges" (ie. development of rights-enforcing > > > > terminals), which is not > > > > > > the traditional area of work for the IETF. > > > > > > > > > > > > However, there some network issues that is part of what I > > > > call the "DRM > > > > > > macrocosm", which included functions relating to > > > > look-ups, secure network > > > > > > storage, transaction clearinghouse, etc. These would > > appear to be > > > > >suitable > > > > > > for work items in the IETF. > > > > > > > > > > > > Thus, one possible change to IDRM is a new name that is > > > > less likely to be > > > > > > controversial. > > > > > > > > > > > > > > > > > > > > > > > > >So where does that leave the group ? Seems to me the > > > > options include: > > > > > > >1) disband > > > > > > >2) generalize the focus to a multidisciplinary one, > > > > along the lines of > > > > > > >http://www.bcdforum.org . (Though I have to confess > > I find that > > > > >organization > > > > > > >lacking substance.) > > > > > > >3) Find specific technical problems that are obstacles > > > > to good (i.e. > > > > > > >effective but not Orwellian) DRM, which are going > > > > begging, and in scope, > > > > > > >and work on solutions. > > > > > > > > > > > > > >I don't have a top-of-mind suggestion for #3, but it > > > > sounds like the most > > > > > > >fun! > > > > > > > > > > > > Yes, the keyword is "fun". Perhaps others on the list > > > > may have specific > > > > > > suggestions? > > > > > > > > > > > > cheers, > > > > > > > > > > > > thomas > > > > > > ------ > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > >Other thoughts ??? > > > > > > > > > > > > > >Best Regards, > > > > > > > Gord Larose > > > > > > > > > > > > > >----- Original Message ----- > > > > > > >From: "Mark Baugher" > > > > > > >To: > > > > > > >Cc: ; "Vern Paxson" > > > > > > >Sent: Tuesday, December 10, 2002 6:43 PM > > > > > > >Subject: [IDRM] Disband or recharter IDRM? > > > > > > > > > > > > > > > IDRM has obviously been dormant for about a year. > > > > > > > >SNIP< > > > > > > > > > > > > From PaulLambert@AirgoNetworks.Com Thu Dec 12 01:27:40 2002 From: PaulLambert@AirgoNetworks.Com (Paul Lambert) Date: Wed, 11 Dec 2002 17:27:40 -0800 Subject: [IETF-IDRM] RE: [IDRM] Disband or recharter IDRM? Message-ID: <3FFBC907DD03A34CA4410C5C745DEB12E7A17C@wnimail.woodsidenet.com> > Paul, >=20 > Thanks for your input. >=20 > We're trying to see if there needs to be a place for=20 > discussion regarding=20 > DRM-related issues. These discussion may or may not result=20 > in standards. Then the group should change: "... it is expected that technologies developed in a Research Group will be brought to the IETF as input= to IETF Working Group(s) for possible standardization." This group has no charter to be just a 'place for discussion'. The choices are: "If, at some point, it becomes evident that a Research Group is no= t making progress in the research areas defined in its charter, or fails to regularly report the results of its research to the community, the IRTF Chair can, in consultation with Group, either: 1. Require that the group recharter to refocus on a different set of problems, 2. Request that the group choose new Chair(s), or 3. Disband the group." Paul From lisarein@finetuning.com Thu Dec 12 01:32:44 2002 From: lisarein@finetuning.com (Lisa Rein) Date: Wed, 11 Dec 2002 17:32:44 -0800 Subject: [IETF-IDRM] Re: [IDRM] Disband or recharter IDRM? In-Reply-To: <3FFBC907DD03A34CA4410C5C745DEB12E7A17B@wnimail.woodsidenet.com> References: <3FFBC907DD03A34CA4410C5C745DEB12E7A17B@wnimail.woodsidenet.com> Message-ID: <3DF7E73C.2080402@finetuning.com> If I understand IETF procedures correctly, it is a common practice to reopen a irtf list for the purposes of discussing whether or not there should be a re-charter. plus it would appear discussions of this sort are encouraged by the IRTF charter (ftp://ftp.rfc-editor.org/in-notes/rfc2014.txt): > Even more than the IETF, the work of the IRSG is expected to be > marked by informality. The goal is to encourage and foster valuable > research, not to add burdensome bureaucracy to the endeavor. Thanks, lisa Paul Lambert wrote: >>Just so we are all on the same page, a stated "business reason" is not >>among the criteria used to establish and guide an Internet Research Task >>Force (IRTF) Research Group such as IDRM > > > There needs to be some reason for the community at large to participate. > > >>Force (IRTF) Research Group such as IDRM >>(ftp://ftp.rfc-editor.org/in-notes/rfc2014.txt) > > > > Which says: > > The products of a Research Group are research > results that may be disseminated by publication in scholarly journals > and conferences, as white papers for the community, as Informational > RFCs, and so on. In addition, it is expected that technologies > developed in a Research Group will be brought to the IETF as input to > IETF Working Group(s) for possible standardization. > > It does not say 'discussion forum'. What are the specific work products for this group? > > > Paul > > >>-----Original Message----- >>From: Mark Baugher [mailto:mbaugher@cisco.com] >>Sent: Wednesday, December 11, 2002 3:22 PM >>To: Paul Lambert >>Cc: ietf-idrm@lists.elistx.com >>Subject: RE: [IDRM] Disband or recharter IDRM? >> >> >>At 02:57 PM 12/11/2002 -0800, Paul Lambert wrote: >> >> >>>>Please, I do not have a business need for these emails. >>> >>>Perhaps no one has a business reason for this committee and >> >>it should be >> >>>disbanded. >> >>Just so we are all on the same page, a stated "business >>reason" is not >>among the criteria used to establish and guide an Internet >>Research Task >>Force (IRTF) Research Group such as IDRM >>(ftp://ftp.rfc-editor.org/in-notes/rfc2014.txt) >> >>Mark >> >> >> >>>Business reasons for a specific technology does not >> >>guarentee that there >> >>>is any reason for an open interoperable standard. >>> >>> >>>Paul >>> >>> >>>>-----Original Message----- >>>>From: Theisen, Isabelle [mailto:Isabelle.Theisen@unistudios.com] >>>>Sent: Wednesday, December 11, 2002 2:48 PM >>>>To: 'Thomas Hardjono'; 'ietf-idrm@lists.elistx.com'; >>>>'glarose@info-mech.com'; 'mbaugher@cisco.com' >>>>Subject: RE: [IDRM] Disband or recharter IDRM? >>>> >>>> >>>>Please, I do not have a business need for these emails. >>>>Please, remove from the list. >>>> >>>> >>>>-----Original Message----- >>>>From: Thomas Hardjono [mailto:thardjono@yahoo.com] >>>>Sent: Wednesday, December 11, 2002 2:09 PM >>>>To: Gord Larose >>>>Cc: ietf-idrm@lists.elistx.com >>>>Subject: Re: [IDRM] Disband or recharter IDRM? >>>> >>>> >>>>At 12/11/2002||03:16 PM, Gord Larose wrote: >>>> >>>>>Hi Thomas, >>>>>Thanks for the feedback and update. At a high level I >> >>agree with you >> >>>>>completely. >>>>> >>>>>However, at a technical level, "Open source DRM" makes my >>>> >>>>brain hurt. It's >>>> >>>>>hard enough hide anything in BINARY inside a PC; but like it >>>> >>>>or not, that's >>>> >>>>>one thing DRM has to do. I should know... the NetActive >>>> >>>>technology I was >>>> >>>>>largely responsible for addresses exactly that problem. That >>>> >>>>technology has >>>> >>>>>never, to my knowledge, been publicly cracked... but I doubt >>>> >>>>that would have >>>> >>>>>been true if we'd published the source ! >>>> >>>>Yes, I agree: "open source DRM" makes my brain hurt too :) >>>>However, this >>>>seems to be the only way to provide an alternative to proprietary >>>>technology. In many cases, perhaps the mom-and-pop >>>>"publisher" does not >>>>need 100% hack-proof DRM (maybe not even 90% hack-proof), but >>>>enough to >>>>discourage non-technical people from trying to break it. >>>> >>>> >>>> >>>>>And from a business perspective, Mom & Pop businesses >> >>already have >> >>>>>inexpensive, low-end protection technologies available e.g. from >>>>>third-party software TBYB wrappers, or via, say, Windows >>>> >>>>Media Player DRM. >>>> >>>>>The obstacles are more about complexity, churn, supplier >>>> >>>>viability, trust, >>>> >>>>>and branding, than about cost or availability. >>>> >>>>Hmm, I'm not sure I follow here. WMP is only for certain >>>>types of contents >>>>(e.g. not books, newspapers, newletters, etc). >>>> >>>> >>>> >>>> >>>>>So we'd have to be careful about what the values of such a >>>> >>>>system were... if >>>> >>>>>we could figure out how it would work ! >>>>> >>>>>Here's an entertaining thought: suppose we emphasize TRUST >>>> >>>>and CONTINUITY. >>>> >>>>>Maybe we could even subvert Palladium and the Fritz Chip to >>>> >>>>nobler ends ? >>>> >>>>>i.e. a system that WILL, in some sense, robustly protect >>>> >>>>content, but WILL >>>> >>>>>NOT - as a matter of the supplier's policy - do any of the >>>> >>>>things that >>>> >>>>>consumers and libertarians rightly fear ? And a further >> >>benefit of an >> >>>>>open-source (that may not be the right term, maybe >>>> >>>>"distributed ownership" >>>> >>>>>is better) model could be the continuing availability of the >>>> >>>>solution e.g. >>>> >>>>>Red Hat may die, but Linux won't. >>>> >>>> >>>>OK, so this is a *very* interesting question. These are >> >>the types of >> >>>>questions that needs to be discussed in a open forum and >>>>where pieces of it >>>>can be standardized (the way many pieces of Linux has been >>>>standardized). >>>> >>>>cheers, >>>> >>>>thomas >>>>------ >>>> >>>> >>>> >>>> >>>>>I'm not sure how to do this, but maybe we could figure it out ! >>>>> >>>>>Cheers, >>>>> Gord 8-) >>>>> >>>>> >>>>> >>>>>----- Original Message ----- >>>>>From: "Thomas Hardjono" >>>>>To: ; >>>>>Sent: Wednesday, December 11, 2002 12:55 PM >>>>>Subject: Re: [IDRM] Disband or recharter IDRM? >>>>> >>>>> >>>>> >>>>>>Gord, >>>>>> >>>>>>I agree with most of your comments. Judging from the >>>> >>>>"emotional outcry" we >>>> >>>>>>received at the last IDRM meeting (Salt Lake City IETF, >>>> >>>>end of 2001), DRM >>>> >>>>>>seems to mean different things to different people. >>>>>> >>>>>> >>>>>>At 12/11/2002||09:23 AM, Gord Larose wrote: >>>>>> >>>>>>>Hello: >>>>>>> Most of you on the list will not know me, as I came >>>> >>>>in during your >>>> >>>>>period >>>>> >>>>>>>of dormancy. I too have been mulling these issues, as >>>> >>>>the DRM company >>>> >>>>>that >>>>> >>>>>>>I helped found (NetActive) struggled like most others in >>>> >>>>the space. >>>> >>>>>>>I think there are two classes of issues here - the >>>> >>>>social-advocacy ones >>>> >>>>>>>and the technical ones. >>>>>>> >>>>>>>The social-advocacy issues are horribly subjective. The >>>> >>>>concerns were >>>> >>>>>>>well expressed in Mark's email, and we could spend >>>> >>>>thousands of words >>>> >>>>>>>debating them. For what it >>>>>>>is worth, I believe that DRM is not philosophically >>>> >>>>wrong, and further, >>>> >>>>>that >>>>> >>>>>>>it is commercially necessary. However, I do not believe >>>> >>>>that the current >>>> >>>>>>>"axis of greed" between Hollywood and Washington >> >>serves the best >> >>>>>interests >>>>> >>>>>>>of American citizens and, as a Canadian, I am very >>>> >>>>concerned about the >>>> >>>>>>>United States' efforts to impose its draconian views >> >>of copyright >> >>>>>>>enforcement on the rest of the world. >>>>>>> Good DRM does not have to put Big Brother on your hard >>>> >>>>drive. If it >>>> >>>>>does, >>>>> >>>>>>>then the price is too high. >>>>>> >>>>>>Right. So one of the notions we put forward in the IETF >>>> >>>>was: is it at all >>>> >>>>>>possible to create "open-source DRM technologies", so >> >>that small >> >>>>>>mom-and-pop publishers need not pay $$$ for proprietary >>>> >>>>solutions. The >>>> >>>>>>analogy is that with Linux and the Apache webserver, >>>> >>>>which are available >>>> >>>>>>for around $30. >>>>>>Another useful comparison in the RSA encryption >>>> >>>>algorithm, which is good >>>> >>>>>>technology, well understood, standardized and now finally >>>> >>>>over the patent >>>> >>>>>>hurdle. >>>>>> >>>>>>I realize that some folks take the (radical) position of >>>> >>>>being against any >>>> >>>>>>development of DRM technology whatsoever. The best way >>>> >>>>to ensure Big >>>> >>>>>>Brother does not happen is to go against any work >>>> >>>>relating to DRM. The >>>> >>>>>>reality is that DRM Technology is here to stay >>>> >>>>(proprietary), whether we >>>> >>>>>>like it or not. It will ship inside PCs and in consumer >>>> >>>>electronics >>>> >>>>>>devices. I think such a position actually helps the Big >>>> >>>>Brother syndrome, >>>> >>>>>>as it does not provide an option to the general public as >>>> >>>>to alternative >>>> >>>>>>sources of technology. >>>>>> >>>>>> >>>>>> >>>>>> >>>>>>>On a philosophical level then, I say there is a need for >>>> >>>>smart people to >>>> >>>>>>>build workable DRM that citizens can live with. >>>>>>> >>>>>>>The point issue of this technical group's mandate is >>>> >>>>much clearer IMO. >>>> >>>>>The >>>>> >>>>>>>core >>>>>>>technology challenges for DRM are terminal node >>>> >>>>challenges, not network >>>> >>>>>>>challenges. Sure, a network is usually involved, but DRM >>>> >>>>is nothing >>>> >>>>>special >>>>> >>>>>>>for the network. DRM's basic network needs are nothing >>>> >>>>harder than >>>> >>>>>>>http/https over tcp/ip. And the terminal mode challenges >>>> >>>>are largely >>>> >>>>>about >>>>> >>>>>>>things like tamper-resistance, which are proprietary >> >>and not very >> >>>>>amenable >>>>> >>>>>>>to >>>>>>>standardization. It's not something where an IETF group >>>> >>>>adds much value. >>>> >>>>>>Right. This is where the word "DRM" is I think a >>>> >>>>misnomer for the IETF >>>> >>>>>>efforts. You are absolutely right, that DRM is indeed >>>> >>>>"terminal node >>>> >>>>>>challenges" (ie. development of rights-enforcing >>>> >>>>terminals), which is not >>>> >>>>>>the traditional area of work for the IETF. >>>>>> >>>>>>However, there some network issues that is part of what I >>>> >>>>call the "DRM >>>> >>>>>>macrocosm", which included functions relating to >>>> >>>>look-ups, secure network >>>> >>>>>>storage, transaction clearinghouse, etc. These would >> >>appear to be >> >>>>>suitable >>>>> >>>>>>for work items in the IETF. >>>>>> >>>>>>Thus, one possible change to IDRM is a new name that is >>>> >>>>less likely to be >>>> >>>>>>controversial. >>>>>> >>>>>> >>>>>> >>>>>> >>>>>>>So where does that leave the group ? Seems to me the >>>> >>>>options include: >>>> >>>>>>>1) disband >>>>>>>2) generalize the focus to a multidisciplinary one, >>>> >>>>along the lines of >>>> >>>>>>>http://www.bcdforum.org . (Though I have to confess >> >>I find that >> >>>>>organization >>>>> >>>>>>>lacking substance.) >>>>>>>3) Find specific technical problems that are obstacles >>>> >>>>to good (i.e. >>>> >>>>>>>effective but not Orwellian) DRM, which are going >>>> >>>>begging, and in scope, >>>> >>>>>>>and work on solutions. >>>>>>> >>>>>>>I don't have a top-of-mind suggestion for #3, but it >>>> >>>>sounds like the most >>>> >>>>>>>fun! >>>>>> >>>>>>Yes, the keyword is "fun". Perhaps others on the list >>>> >>>>may have specific >>>> >>>>>>suggestions? >>>>>> >>>>>>cheers, >>>>>> >>>>>>thomas >>>>>>------ >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>>>Other thoughts ??? >>>>>>> >>>>>>>Best Regards, >>>>>>> Gord Larose >>>>>>> >>>>>>>----- Original Message ----- >>>>>>>From: "Mark Baugher" >>>>>>>To: >>>>>>>Cc: ; "Vern Paxson" >>>>>>>Sent: Tuesday, December 10, 2002 6:43 PM >>>>>>>Subject: [IDRM] Disband or recharter IDRM? >>>>>>> >>>>>>> >>>>>>>>IDRM has obviously been dormant for about a year. >>>>>>>>SNIP< >>>>>> > > From nanditag@text100.com Thu Dec 12 01:34:28 2002 From: nanditag@text100.com (Nandita Geerdink (US)) Date: Wed, 11 Dec 2002 17:34:28 -0800 Subject: [IETF-IDRM] RE: [IDRM] Disband or recharter IDRM? Message-ID: <77C3E738CCB3D411BAD200B0D049E90B0168A7AA@NASFOEXC> Please remove me from this alias. Thank you. Kind regards, Nandita -----Original Message----- From: Lisa Rein [mailto:lisarein@finetuning.com] Sent: Wednesday, December 11, 2002 5:33 PM To: Paul Lambert Cc: Mark Baugher; ietf-idrm@lists.elistx.com Subject: Re: [IDRM] Disband or recharter IDRM? If I understand IETF procedures correctly, it is a common practice to reopen a irtf list for the purposes of discussing whether or not there should be a re-charter. plus it would appear discussions of this sort are encouraged by the IRTF charter (ftp://ftp.rfc-editor.org/in-notes/rfc2014.txt): > Even more than the IETF, the work of the IRSG is expected to be > marked by informality. The goal is to encourage and foster valuable > research, not to add burdensome bureaucracy to the endeavor. Thanks, lisa Paul Lambert wrote: >>Just so we are all on the same page, a stated "business reason" is not >>among the criteria used to establish and guide an Internet Research Task >>Force (IRTF) Research Group such as IDRM > > > There needs to be some reason for the community at large to participate. > > >>Force (IRTF) Research Group such as IDRM >>(ftp://ftp.rfc-editor.org/in-notes/rfc2014.txt) > > > > Which says: > > The products of a Research Group are research > results that may be disseminated by publication in scholarly journals > and conferences, as white papers for the community, as Informational > RFCs, and so on. In addition, it is expected that technologies > developed in a Research Group will be brought to the IETF as input to > IETF Working Group(s) for possible standardization. > > It does not say 'discussion forum'. What are the specific work products for this group? > > > Paul > > >>-----Original Message----- >>From: Mark Baugher [mailto:mbaugher@cisco.com] >>Sent: Wednesday, December 11, 2002 3:22 PM >>To: Paul Lambert >>Cc: ietf-idrm@lists.elistx.com >>Subject: RE: [IDRM] Disband or recharter IDRM? >> >> >>At 02:57 PM 12/11/2002 -0800, Paul Lambert wrote: >> >> >>>>Please, I do not have a business need for these emails. >>> >>>Perhaps no one has a business reason for this committee and >> >>it should be >> >>>disbanded. >> >>Just so we are all on the same page, a stated "business >>reason" is not >>among the criteria used to establish and guide an Internet >>Research Task >>Force (IRTF) Research Group such as IDRM >>(ftp://ftp.rfc-editor.org/in-notes/rfc2014.txt) >> >>Mark >> >> >> >>>Business reasons for a specific technology does not >> >>guarentee that there >> >>>is any reason for an open interoperable standard. >>> >>> >>>Paul >>> >>> >>>>-----Original Message----- >>>>From: Theisen, Isabelle [mailto:Isabelle.Theisen@unistudios.com] >>>>Sent: Wednesday, December 11, 2002 2:48 PM >>>>To: 'Thomas Hardjono'; 'ietf-idrm@lists.elistx.com'; >>>>'glarose@info-mech.com'; 'mbaugher@cisco.com' >>>>Subject: RE: [IDRM] Disband or recharter IDRM? >>>> >>>> >>>>Please, I do not have a business need for these emails. >>>>Please, remove from the list. >>>> >>>> >>>>-----Original Message----- >>>>From: Thomas Hardjono [mailto:thardjono@yahoo.com] >>>>Sent: Wednesday, December 11, 2002 2:09 PM >>>>To: Gord Larose >>>>Cc: ietf-idrm@lists.elistx.com >>>>Subject: Re: [IDRM] Disband or recharter IDRM? >>>> >>>> >>>>At 12/11/2002||03:16 PM, Gord Larose wrote: >>>> >>>>>Hi Thomas, >>>>>Thanks for the feedback and update. At a high level I >> >>agree with you >> >>>>>completely. >>>>> >>>>>However, at a technical level, "Open source DRM" makes my >>>> >>>>brain hurt. It's >>>> >>>>>hard enough hide anything in BINARY inside a PC; but like it >>>> >>>>or not, that's >>>> >>>>>one thing DRM has to do. I should know... the NetActive >>>> >>>>technology I was >>>> >>>>>largely responsible for addresses exactly that problem. That >>>> >>>>technology has >>>> >>>>>never, to my knowledge, been publicly cracked... but I doubt >>>> >>>>that would have >>>> >>>>>been true if we'd published the source ! >>>> >>>>Yes, I agree: "open source DRM" makes my brain hurt too :) >>>>However, this >>>>seems to be the only way to provide an alternative to proprietary >>>>technology. In many cases, perhaps the mom-and-pop >>>>"publisher" does not >>>>need 100% hack-proof DRM (maybe not even 90% hack-proof), but >>>>enough to >>>>discourage non-technical people from trying to break it. >>>> >>>> >>>> >>>>>And from a business perspective, Mom & Pop businesses >> >>already have >> >>>>>inexpensive, low-end protection technologies available e.g. from >>>>>third-party software TBYB wrappers, or via, say, Windows >>>> >>>>Media Player DRM. >>>> >>>>>The obstacles are more about complexity, churn, supplier >>>> >>>>viability, trust, >>>> >>>>>and branding, than about cost or availability. >>>> >>>>Hmm, I'm not sure I follow here. WMP is only for certain >>>>types of contents >>>>(e.g. not books, newspapers, newletters, etc). >>>> >>>> >>>> >>>> >>>>>So we'd have to be careful about what the values of such a >>>> >>>>system were... if >>>> >>>>>we could figure out how it would work ! >>>>> >>>>>Here's an entertaining thought: suppose we emphasize TRUST >>>> >>>>and CONTINUITY. >>>> >>>>>Maybe we could even subvert Palladium and the Fritz Chip to >>>> >>>>nobler ends ? >>>> >>>>>i.e. a system that WILL, in some sense, robustly protect >>>> >>>>content, but WILL >>>> >>>>>NOT - as a matter of the supplier's policy - do any of the >>>> >>>>things that >>>> >>>>>consumers and libertarians rightly fear ? And a further >> >>benefit of an >> >>>>>open-source (that may not be the right term, maybe >>>> >>>>"distributed ownership" >>>> >>>>>is better) model could be the continuing availability of the >>>> >>>>solution e.g. >>>> >>>>>Red Hat may die, but Linux won't. >>>> >>>> >>>>OK, so this is a *very* interesting question. These are >> >>the types of >> >>>>questions that needs to be discussed in a open forum and >>>>where pieces of it >>>>can be standardized (the way many pieces of Linux has been >>>>standardized). >>>> >>>>cheers, >>>> >>>>thomas >>>>------ >>>> >>>> >>>> >>>> >>>>>I'm not sure how to do this, but maybe we could figure it out ! >>>>> >>>>>Cheers, >>>>> Gord 8-) >>>>> >>>>> >>>>> >>>>>----- Original Message ----- >>>>>From: "Thomas Hardjono" >>>>>To: ; >>>>>Sent: Wednesday, December 11, 2002 12:55 PM >>>>>Subject: Re: [IDRM] Disband or recharter IDRM? >>>>> >>>>> >>>>> >>>>>>Gord, >>>>>> >>>>>>I agree with most of your comments. Judging from the >>>> >>>>"emotional outcry" we >>>> >>>>>>received at the last IDRM meeting (Salt Lake City IETF, >>>> >>>>end of 2001), DRM >>>> >>>>>>seems to mean different things to different people. >>>>>> >>>>>> >>>>>>At 12/11/2002||09:23 AM, Gord Larose wrote: >>>>>> >>>>>>>Hello: >>>>>>> Most of you on the list will not know me, as I came >>>> >>>>in during your >>>> >>>>>period >>>>> >>>>>>>of dormancy. I too have been mulling these issues, as >>>> >>>>the DRM company >>>> >>>>>that >>>>> >>>>>>>I helped found (NetActive) struggled like most others in >>>> >>>>the space. >>>> >>>>>>>I think there are two classes of issues here - the >>>> >>>>social-advocacy ones >>>> >>>>>>>and the technical ones. >>>>>>> >>>>>>>The social-advocacy issues are horribly subjective. The >>>> >>>>concerns were >>>> >>>>>>>well expressed in Mark's email, and we could spend >>>> >>>>thousands of words >>>> >>>>>>>debating them. For what it >>>>>>>is worth, I believe that DRM is not philosophically >>>> >>>>wrong, and further, >>>> >>>>>that >>>>> >>>>>>>it is commercially necessary. However, I do not believe >>>> >>>>that the current >>>> >>>>>>>"axis of greed" between Hollywood and Washington >> >>serves the best >> >>>>>interests >>>>> >>>>>>>of American citizens and, as a Canadian, I am very >>>> >>>>concerned about the >>>> >>>>>>>United States' efforts to impose its draconian views >> >>of copyright >> >>>>>>>enforcement on the rest of the world. >>>>>>> Good DRM does not have to put Big Brother on your hard >>>> >>>>drive. If it >>>> >>>>>does, >>>>> >>>>>>>then the price is too high. >>>>>> >>>>>>Right. So one of the notions we put forward in the IETF >>>> >>>>was: is it at all >>>> >>>>>>possible to create "open-source DRM technologies", so >> >>that small >> >>>>>>mom-and-pop publishers need not pay $$$ for proprietary >>>> >>>>solutions. The >>>> >>>>>>analogy is that with Linux and the Apache webserver, >>>> >>>>which are available >>>> >>>>>>for around $30. >>>>>>Another useful comparison in the RSA encryption >>>> >>>>algorithm, which is good >>>> >>>>>>technology, well understood, standardized and now finally >>>> >>>>over the patent >>>> >>>>>>hurdle. >>>>>> >>>>>>I realize that some folks take the (radical) position of >>>> >>>>being against any >>>> >>>>>>development of DRM technology whatsoever. The best way >>>> >>>>to ensure Big >>>> >>>>>>Brother does not happen is to go against any work >>>> >>>>relating to DRM. The >>>> >>>>>>reality is that DRM Technology is here to stay >>>> >>>>(proprietary), whether we >>>> >>>>>>like it or not. It will ship inside PCs and in consumer >>>> >>>>electronics >>>> >>>>>>devices. I think such a position actually helps the Big >>>> >>>>Brother syndrome, >>>> >>>>>>as it does not provide an option to the general public as >>>> >>>>to alternative >>>> >>>>>>sources of technology. >>>>>> >>>>>> >>>>>> >>>>>> >>>>>>>On a philosophical level then, I say there is a need for >>>> >>>>smart people to >>>> >>>>>>>build workable DRM that citizens can live with. >>>>>>> >>>>>>>The point issue of this technical group's mandate is >>>> >>>>much clearer IMO. >>>> >>>>>The >>>>> >>>>>>>core >>>>>>>technology challenges for DRM are terminal node >>>> >>>>challenges, not network >>>> >>>>>>>challenges. Sure, a network is usually involved, but DRM >>>> >>>>is nothing >>>> >>>>>special >>>>> >>>>>>>for the network. DRM's basic network needs are nothing >>>> >>>>harder than >>>> >>>>>>>http/https over tcp/ip. And the terminal mode challenges >>>> >>>>are largely >>>> >>>>>about >>>>> >>>>>>>things like tamper-resistance, which are proprietary >> >>and not very >> >>>>>amenable >>>>> >>>>>>>to >>>>>>>standardization. It's not something where an IETF group >>>> >>>>adds much value. >>>> >>>>>>Right. This is where the word "DRM" is I think a >>>> >>>>misnomer for the IETF >>>> >>>>>>efforts. You are absolutely right, that DRM is indeed >>>> >>>>"terminal node >>>> >>>>>>challenges" (ie. development of rights-enforcing >>>> >>>>terminals), which is not >>>> >>>>>>the traditional area of work for the IETF. >>>>>> >>>>>>However, there some network issues that is part of what I >>>> >>>>call the "DRM >>>> >>>>>>macrocosm", which included functions relating to >>>> >>>>look-ups, secure network >>>> >>>>>>storage, transaction clearinghouse, etc. These would >> >>appear to be >> >>>>>suitable >>>>> >>>>>>for work items in the IETF. >>>>>> >>>>>>Thus, one possible change to IDRM is a new name that is >>>> >>>>less likely to be >>>> >>>>>>controversial. >>>>>> >>>>>> >>>>>> >>>>>> >>>>>>>So where does that leave the group ? Seems to me the >>>> >>>>options include: >>>> >>>>>>>1) disband >>>>>>>2) generalize the focus to a multidisciplinary one, >>>> >>>>along the lines of >>>> >>>>>>>http://www.bcdforum.org . (Though I have to confess >> >>I find that >> >>>>>organization >>>>> >>>>>>>lacking substance.) >>>>>>>3) Find specific technical problems that are obstacles >>>> >>>>to good (i.e. >>>> >>>>>>>effective but not Orwellian) DRM, which are going >>>> >>>>begging, and in scope, >>>> >>>>>>>and work on solutions. >>>>>>> >>>>>>>I don't have a top-of-mind suggestion for #3, but it >>>> >>>>sounds like the most >>>> >>>>>>>fun! >>>>>> >>>>>>Yes, the keyword is "fun". Perhaps others on the list >>>> >>>>may have specific >>>> >>>>>>suggestions? >>>>>> >>>>>>cheers, >>>>>> >>>>>>thomas >>>>>>------ >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>>>Other thoughts ??? >>>>>>> >>>>>>>Best Regards, >>>>>>> Gord Larose >>>>>>> >>>>>>>----- Original Message ----- >>>>>>>From: "Mark Baugher" >>>>>>>To: >>>>>>>Cc: ; "Vern Paxson" >>>>>>>Sent: Tuesday, December 10, 2002 6:43 PM >>>>>>>Subject: [IDRM] Disband or recharter IDRM? >>>>>>> >>>>>>> >>>>>>>>IDRM has obviously been dormant for about a year. >>>>>>>>SNIP< >>>>>> > > From PaulLambert@AirgoNetworks.Com Thu Dec 12 01:37:40 2002 From: PaulLambert@AirgoNetworks.Com (Paul Lambert) Date: Wed, 11 Dec 2002 17:37:40 -0800 Subject: [IETF-IDRM] RE: [IDRM] Disband or recharter IDRM? Message-ID: <3FFBC907DD03A34CA4410C5C745DEB12E7A17D@wnimail.woodsidenet.com> > Paul > www.irtf.org is the main page from which you can navigate=20 > to the IDRM=20 > page, which is where the RG deliverables are described. Yes, but .. The 'deliverables' are not clear ... for example: "The IDRM Research Group will begin its work by surveying the area of= Digital Rights Management (DRM), and develop a coherent taxonomy of = problems related to DRM with their inter- relationships." I'm not sure how I would use this result. =20 Picking a smaller clearer deliverable would hopefully get more intere= st and involvement. Paul > -----Original Message----- > From: Mark Baugher [mailto:mbaugher@cisco.com] > Sent: Wednesday, December 11, 2002 5:26 PM > To: Paul Lambert > Cc: ietf-idrm@lists.elistx.com > Subject: RE: [IDRM] Disband or recharter IDRM? >=20 >=20 > Paul > www.irtf.org is the main page from which you can navigate=20 > to the IDRM=20 > page, which is where the RG deliverables are described. >=20 > Mark > At 05:16 PM 12/11/2002 -0800, Paul Lambert wrote: >=20 > > > Just so we are all on the same page, a stated "business =20 > reason" is not > > > among the criteria used to establish and guide an=20 > Internet Research Task > > > Force (IRTF) Research Group such as IDRM > > > >There needs to be some reason for the community at large to=20 > participate. > > > > > Force (IRTF) Research Group such as IDRM > > > (ftp://ftp.rfc-editor.org/in-notes/rfc2014.txt) > > > > > >Which says: > > > > The products of a Research Group are research > > results that may be disseminated by publication in=20 > scholarly journals > > and conferences, as white papers for the community, as=20 > Informational > > RFCs, and so on. In addition, it is expected that technologie= s > > developed in a Research Group will be brought to the=20 > IETF as input to > > IETF Working Group(s) for possible standardization. > > > >It does not say 'discussion forum'. What are the specific=20 > work products=20 > >for this group? > > > > > >Paul > > > > > -----Original Message----- > > > From: Mark Baugher [mailto:mbaugher@cisco.com] > > > Sent: Wednesday, December 11, 2002 3:22 PM > > > To: Paul Lambert > > > Cc: ietf-idrm@lists.elistx.com > > > Subject: RE: [IDRM] Disband or recharter IDRM? > > > > > > > > > At 02:57 PM 12/11/2002 -0800, Paul Lambert wrote: > > > > > > > > Please, I do not have a business need for these emails. > > > > > > > >Perhaps no one has a business reason for this committee and > > > it should be > > > >disbanded. > > > > > > Just so we are all on the same page, a stated "business > > > reason" is not > > > among the criteria used to establish and guide an Internet > > > Research Task > > > Force (IRTF) Research Group such as IDRM > > > (ftp://ftp.rfc-editor.org/in-notes/rfc2014.txt) > > > > > > Mark > > > > > > > > > >Business reasons for a specific technology does not > > > guarentee that there > > > >is any reason for an open interoperable standard. > > > > > > > > > > > >Paul > > > > > > > > > -----Original Message----- > > > > > From: Theisen, Isabelle=20 > [mailto:Isabelle.Theisen@unistudios.com] > > > > > Sent: Wednesday, December 11, 2002 2:48 PM > > > > > To: 'Thomas Hardjono'; 'ietf-idrm@lists.elistx.com'; > > > > > 'glarose@info-mech.com'; 'mbaugher@cisco.com' > > > > > Subject: RE: [IDRM] Disband or recharter IDRM? > > > > > > > > > > > > > > > Please, I do not have a business need for these emails. > > > > > Please, remove from the list. > > > > > > > > > > > > > > > -----Original Message----- > > > > > From: Thomas Hardjono [mailto:thardjono@yahoo.com] > > > > > Sent: Wednesday, December 11, 2002 2:09 PM > > > > > To: Gord Larose > > > > > Cc: ietf-idrm@lists.elistx.com > > > > > Subject: Re: [IDRM] Disband or recharter IDRM? > > > > > > > > > > > > > > > At 12/11/2002||03:16 PM, Gord Larose wrote: > > > > > >Hi Thomas, > > > > > >Thanks for the feedback and update. At a high level I > > > agree with you > > > > > >completely. > > > > > > > > > > > >However, at a technical level, "Open source DRM" makes my > > > > > brain hurt. It's > > > > > >hard enough hide anything in BINARY inside a PC; but like = it > > > > > or not, that's > > > > > >one thing DRM has to do. I should know... the NetActive > > > > > technology I was > > > > > >largely responsible for addresses exactly that problem. Th= at > > > > > technology has > > > > > >never, to my knowledge, been publicly cracked... but I dou= bt > > > > > that would have > > > > > >been true if we'd published the source ! > > > > > > > > > > Yes, I agree: "open source DRM" makes my brain hurt too :) > > > > > However, this > > > > > seems to be the only way to provide an alternative to=20 > proprietary > > > > > technology. In many cases, perhaps the mom-and-pop > > > > > "publisher" does not > > > > > need 100% hack-proof DRM (maybe not even 90% hack-proof), b= ut > > > > > enough to > > > > > discourage non-technical people from trying to break it. > > > > > > > > > > > > > > > >And from a business perspective, Mom & Pop businesses > > > already have > > > > > >inexpensive, low-end protection technologies=20 > available e.g. from > > > > > >third-party software TBYB wrappers, or via, say, Windows > > > > > Media Player DRM. > > > > > >The obstacles are more about complexity, churn, supplier > > > > > viability, trust, > > > > > >and branding, than about cost or availability. > > > > > > > > > > Hmm, I'm not sure I follow here. WMP is only for certain > > > > > types of contents > > > > > (e.g. not books, newspapers, newletters, etc). > > > > > > > > > > > > > > > > > > > > >So we'd have to be careful about what the values of such a > > > > > system were... if > > > > > >we could figure out how it would work ! > > > > > > > > > > > >Here's an entertaining thought: suppose we emphasize TRUST > > > > > and CONTINUITY. > > > > > >Maybe we could even subvert Palladium and the Fritz Chip t= o > > > > > nobler ends ? > > > > > >i.e. a system that WILL, in some sense, robustly protect > > > > > content, but WILL > > > > > >NOT - as a matter of the supplier's policy - do any of t= he > > > > > things that > > > > > >consumers and libertarians rightly fear ? And a further > > > benefit of an > > > > > >open-source (that may not be the right term, maybe > > > > > "distributed ownership" > > > > > >is better) model could be the continuing availability of t= he > > > > > solution e.g. > > > > > >Red Hat may die, but Linux won't. > > > > > > > > > > > > > > > OK, so this is a *very* interesting question. These are > > > the types of > > > > > questions that needs to be discussed in a open forum and > > > > > where pieces of it > > > > > can be standardized (the way many pieces of Linux has been > > > > > standardized). > > > > > > > > > > cheers, > > > > > > > > > > thomas > > > > > ------ > > > > > > > > > > > > > > > > > > > > >I'm not sure how to do this, but maybe we could=20 > figure it out ! > > > > > > > > > > > >Cheers, > > > > > > Gord 8-) > > > > > > > > > > > > > > > > > > > > > > > >----- Original Message ----- > > > > > >From: "Thomas Hardjono" > > > > > >To: ; > > > > > >Sent: Wednesday, December 11, 2002 12:55 PM > > > > > >Subject: Re: [IDRM] Disband or recharter IDRM? > > > > > > > > > > > > > > > > > > > > > > > > > > Gord, > > > > > > > > > > > > > > I agree with most of your comments. Judging from the > > > > > "emotional outcry" we > > > > > > > received at the last IDRM meeting (Salt Lake City IETF, > > > > > end of 2001), DRM > > > > > > > seems to mean different things to different people. > > > > > > > > > > > > > > > > > > > > > At 12/11/2002||09:23 AM, Gord Larose wrote: > > > > > > > >Hello: > > > > > > > > Most of you on the list will not know me, as I came > > > > > in during your > > > > > >period > > > > > > > >of dormancy. I too have been mulling these issues, as > > > > > the DRM company > > > > > >that > > > > > > > >I helped found (NetActive) struggled like most others = in > > > > > the space. > > > > > > > > > > > > > > > >I think there are two classes of issues here - the > > > > > social-advocacy ones > > > > > > > >and the technical ones. > > > > > > > > > > > > > > > >The social-advocacy issues are horribly subjective. Th= e > > > > > concerns were > > > > > > > >well expressed in Mark's email, and we could spend > > > > > thousands of words > > > > > > > >debating them. For what it > > > > > > > >is worth, I believe that DRM is not philosophically > > > > > wrong, and further, > > > > > >that > > > > > > > >it is commercially necessary. However, I do not believ= e > > > > > that the current > > > > > > > >"axis of greed" between Hollywood and Washington > > > serves the best > > > > > >interests > > > > > > > >of American citizens and, as a Canadian, I am very > > > > > concerned about the > > > > > > > >United States' efforts to impose its draconian views > > > of copyright > > > > > > > >enforcement on the rest of the world. > > > > > > > > Good DRM does not have to put Big Brother on your ha= rd > > > > > drive. If it > > > > > >does, > > > > > > > >then the price is too high. > > > > > > > > > > > > > > Right. So one of the notions we put forward in the IETF > > > > > was: is it at all > > > > > > > possible to create "open-source DRM technologies", so > > > that small > > > > > > > mom-and-pop publishers need not pay $$$ for proprietary > > > > > solutions. The > > > > > > > analogy is that with Linux and the Apache webserver, > > > > > which are available > > > > > > > for around $30. > > > > > > > Another useful comparison in the RSA encryption > > > > > algorithm, which is good > > > > > > > technology, well understood, standardized and now final= ly > > > > > over the patent > > > > > > > hurdle. > > > > > > > > > > > > > > I realize that some folks take the (radical) position o= f > > > > > being against any > > > > > > > development of DRM technology whatsoever. The best way > > > > > to ensure Big > > > > > > > Brother does not happen is to go against any work > > > > > relating to DRM. The > > > > > > > reality is that DRM Technology is here to stay > > > > > (proprietary), whether we > > > > > > > like it or not. It will ship inside PCs and in consume= r > > > > > electronics > > > > > > > devices. I think such a position actually helps the Bi= g > > > > > Brother syndrome, > > > > > > > as it does not provide an option to the general public = as > > > > > to alternative > > > > > > > sources of technology. > > > > > > > > > > > > > > > > > > > > > > > > > > > > >On a philosophical level then, I say there is a need f= or > > > > > smart people to > > > > > > > >build workable DRM that citizens can live with. > > > > > > > > > > > > > > > >The point issue of this technical group's mandate is > > > > > much clearer IMO. > > > > > >The > > > > > > > >core > > > > > > > >technology challenges for DRM are terminal node > > > > > challenges, not network > > > > > > > >challenges. Sure, a network is usually involved, but D= RM > > > > > is nothing > > > > > >special > > > > > > > >for the network. DRM's basic network needs are nothing > > > > > harder than > > > > > > > >http/https over tcp/ip. And the terminal mode challeng= es > > > > > are largely > > > > > >about > > > > > > > >things like tamper-resistance, which are proprietary > > > and not very > > > > > >amenable > > > > > > > >to > > > > > > > >standardization. It's not something where an IETF grou= p > > > > > adds much value. > > > > > > > > > > > > > > Right. This is where the word "DRM" is I think a > > > > > misnomer for the IETF > > > > > > > efforts. You are absolutely right, that DRM is indeed > > > > > "terminal node > > > > > > > challenges" (ie. development of rights-enforcing > > > > > terminals), which is not > > > > > > > the traditional area of work for the IETF. > > > > > > > > > > > > > > However, there some network issues that is part of what= I > > > > > call the "DRM > > > > > > > macrocosm", which included functions relating to > > > > > look-ups, secure network > > > > > > > storage, transaction clearinghouse, etc. These would > > > appear to be > > > > > >suitable > > > > > > > for work items in the IETF. > > > > > > > > > > > > > > Thus, one possible change to IDRM is a new name that is > > > > > less likely to be > > > > > > > controversial. > > > > > > > > > > > > > > > > > > > > > > > > > > > > >So where does that leave the group ? Seems to me the > > > > > options include: > > > > > > > >1) disband > > > > > > > >2) generalize the focus to a multidisciplinary one, > > > > > along the lines of > > > > > > > >http://www.bcdforum.org . (Though I have to confess > > > I find that > > > > > >organization > > > > > > > >lacking substance.) > > > > > > > >3) Find specific technical problems that are obstacles > > > > > to good (i.e. > > > > > > > >effective but not Orwellian) DRM, which are going > > > > > begging, and in scope, > > > > > > > >and work on solutions. > > > > > > > > > > > > > > > >I don't have a top-of-mind suggestion for #3, but it > > > > > sounds like the most > > > > > > > >fun! > > > > > > > > > > > > > > Yes, the keyword is "fun". Perhaps others on the list > > > > > may have specific > > > > > > > suggestions? > > > > > > > > > > > > > > cheers, > > > > > > > > > > > > > > thomas > > > > > > > ------ > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > >Other thoughts ??? > > > > > > > > > > > > > > > >Best Regards, > > > > > > > > Gord Larose > > > > > > > > > > > > > > > >----- Original Message ----- > > > > > > > >From: "Mark Baugher" > > > > > > > >To: > > > > > > > >Cc: ; "Vern Paxson" > > > > > > > >Sent: Tuesday, December 10, 2002 6:43 PM > > > > > > > >Subject: [IDRM] Disband or recharter IDRM? > > > > > > > > > > > > > > > > > IDRM has obviously been dormant for about a year. > > > > > > > > >SNIP< > > > > > > > > > > > > > > > >=20 From lisarein@finetuning.com Thu Dec 12 01:38:18 2002 From: lisarein@finetuning.com (Lisa Rein) Date: Wed, 11 Dec 2002 17:38:18 -0800 Subject: [IETF-IDRM] Re: [IDRM] Disband or recharter IDRM? In-Reply-To: <3DF7E73C.2080402@finetuning.com> References: <3FFBC907DD03A34CA4410C5C745DEB12E7A17B@wnimail.woodsidenet.com> <3DF7E73C.2080402@finetuning.com> Message-ID: <3DF7E88A.9080204@finetuning.com> I meant by the IRTF "Guidelines and Procedures", as written by A. Weinrib and J. Postel: ftp://ftp.rfc-editor.org/in-notes/rfc2014.txt didn't mean to confuse things referring to it as a "charter". "Even more than the IETF, the work of the IRSG is expected to be marked by informality. The goal is to encourage and foster valuable research, not to add burdensome bureaucracy to the endeavor." Thanks, lisa Lisa Rein wrote: > If I understand IETF procedures correctly, it is a common practice to > reopen a irtf list for the purposes of discussing whether or not there > should be a re-charter. > > plus it would appear discussions of this sort are encouraged by the > IRTF charter (ftp://ftp.rfc-editor.org/in-notes/rfc2014.txt): > >> Even more than the IETF, the work of the IRSG is expected to be >> marked by informality. The goal is to encourage and foster valuable >> research, not to add burdensome bureaucracy to the endeavor. > > > > Thanks, > > lisa > > > > Paul Lambert wrote: > >>> Just so we are all on the same page, a stated "business reason" is >>> not among the criteria used to establish and guide an Internet >>> Research Task Force (IRTF) Research Group such as IDRM >> >> >> >> There needs to be some reason for the community at large to participate. >> >>> Force (IRTF) Research Group such as IDRM >>> (ftp://ftp.rfc-editor.org/in-notes/rfc2014.txt) >> >> >> >> >> Which says: >> >> The products of a Research Group are research >> results that may be disseminated by publication in scholarly journals >> and conferences, as white papers for the community, as Informational >> RFCs, and so on. In addition, it is expected that technologies >> developed in a Research Group will be brought to the IETF as input to >> IETF Working Group(s) for possible standardization. >> >> It does not say 'discussion forum'. What are the specific work >> products for this group? >> >> >> Paul >> >> >>> -----Original Message----- >>> From: Mark Baugher [mailto:mbaugher@cisco.com] >>> Sent: Wednesday, December 11, 2002 3:22 PM >>> To: Paul Lambert >>> Cc: ietf-idrm@lists.elistx.com >>> Subject: RE: [IDRM] Disband or recharter IDRM? >>> >>> >>> At 02:57 PM 12/11/2002 -0800, Paul Lambert wrote: >>> >>> >>>>> Please, I do not have a business need for these emails. >>>> >>>> >>>> Perhaps no one has a business reason for this committee and >>> >>> >>> it should be >>> >>>> disbanded. >>> >>> >>> Just so we are all on the same page, a stated "business reason" is >>> not among the criteria used to establish and guide an Internet >>> Research Task Force (IRTF) Research Group such as IDRM >>> (ftp://ftp.rfc-editor.org/in-notes/rfc2014.txt) >>> >>> Mark >>> >>> >>> >>>> Business reasons for a specific technology does not >>> >>> >>> guarentee that there >>> >>>> is any reason for an open interoperable standard. >>>> >>>> >>>> Paul >>>> >>>> >>>>> -----Original Message----- >>>>> From: Theisen, Isabelle [mailto:Isabelle.Theisen@unistudios.com] >>>>> Sent: Wednesday, December 11, 2002 2:48 PM >>>>> To: 'Thomas Hardjono'; 'ietf-idrm@lists.elistx.com'; >>>>> 'glarose@info-mech.com'; 'mbaugher@cisco.com' >>>>> Subject: RE: [IDRM] Disband or recharter IDRM? >>>>> >>>>> >>>>> Please, I do not have a business need for these emails. >>>>> Please, remove from the list. >>>>> >>>>> >>>>> -----Original Message----- >>>>> From: Thomas Hardjono [mailto:thardjono@yahoo.com] >>>>> Sent: Wednesday, December 11, 2002 2:09 PM >>>>> To: Gord Larose >>>>> Cc: ietf-idrm@lists.elistx.com >>>>> Subject: Re: [IDRM] Disband or recharter IDRM? >>>>> >>>>> >>>>> At 12/11/2002||03:16 PM, Gord Larose wrote: >>>>> >>>>>> Hi Thomas, >>>>>> Thanks for the feedback and update. At a high level I >>> >>> >>> agree with you >>> >>>>>> completely. >>>>>> >>>>>> However, at a technical level, "Open source DRM" makes my >>>>> >>>>> >>>>> brain hurt. It's >>>>> >>>>>> hard enough hide anything in BINARY inside a PC; but like it >>>>> >>>>> >>>>> or not, that's >>>>> >>>>>> one thing DRM has to do. I should know... the NetActive >>>>> >>>>> >>>>> technology I was >>>>> >>>>>> largely responsible for addresses exactly that problem. That >>>>> >>>>> >>>>> technology has >>>>> >>>>>> never, to my knowledge, been publicly cracked... but I doubt >>>>> >>>>> >>>>> that would have >>>>> >>>>>> been true if we'd published the source ! >>>>> >>>>> >>>>> Yes, I agree: "open source DRM" makes my brain hurt too :) >>>>> However, this >>>>> seems to be the only way to provide an alternative to proprietary >>>>> technology. In many cases, perhaps the mom-and-pop >>>>> "publisher" does not >>>>> need 100% hack-proof DRM (maybe not even 90% hack-proof), but >>>>> enough to >>>>> discourage non-technical people from trying to break it. >>>>> >>>>> >>>>> >>>>>> And from a business perspective, Mom & Pop businesses >>> >>> >>> already have >>> >>>>>> inexpensive, low-end protection technologies available e.g. from >>>>>> third-party software TBYB wrappers, or via, say, Windows >>>>> >>>>> >>>>> Media Player DRM. >>>>> >>>>>> The obstacles are more about complexity, churn, supplier >>>>> >>>>> >>>>> viability, trust, >>>>> >>>>>> and branding, than about cost or availability. >>>>> >>>>> >>>>> Hmm, I'm not sure I follow here. WMP is only for certain >>>>> types of contents >>>>> (e.g. not books, newspapers, newletters, etc). >>>>> >>>>> >>>>> >>>>> >>>>>> So we'd have to be careful about what the values of such a >>>>> >>>>> >>>>> system were... if >>>>> >>>>>> we could figure out how it would work ! >>>>>> >>>>>> Here's an entertaining thought: suppose we emphasize TRUST >>>>> >>>>> >>>>> and CONTINUITY. >>>>> >>>>>> Maybe we could even subvert Palladium and the Fritz Chip to >>>>> >>>>> >>>>> nobler ends ? >>>>> >>>>>> i.e. a system that WILL, in some sense, robustly protect >>>>> >>>>> >>>>> content, but WILL >>>>> >>>>>> NOT - as a matter of the supplier's policy - do any of the >>>>> >>>>> >>>>> things that >>>>> >>>>>> consumers and libertarians rightly fear ? And a further >>> >>> >>> benefit of an >>> >>>>>> open-source (that may not be the right term, maybe >>>>> >>>>> >>>>> "distributed ownership" >>>>> >>>>>> is better) model could be the continuing availability of the >>>>> >>>>> >>>>> solution e.g. >>>>> >>>>>> Red Hat may die, but Linux won't. >>>>> >>>>> >>>>> >>>>> OK, so this is a *very* interesting question. These are >>> >>> >>> the types of >>> >>>>> questions that needs to be discussed in a open forum and >>>>> where pieces of it >>>>> can be standardized (the way many pieces of Linux has been >>>>> standardized). >>>>> >>>>> cheers, >>>>> >>>>> thomas >>>>> ------ >>>>> >>>>> >>>>> >>>>> >>>>>> I'm not sure how to do this, but maybe we could figure it out ! >>>>>> >>>>>> Cheers, >>>>>> Gord 8-) >>>>>> >>>>>> >>>>>> >>>>>> ----- Original Message ----- >>>>>> From: "Thomas Hardjono" >>>>>> To: ; >>>>>> Sent: Wednesday, December 11, 2002 12:55 PM >>>>>> Subject: Re: [IDRM] Disband or recharter IDRM? >>>>>> >>>>>> >>>>>> >>>>>>> Gord, >>>>>>> >>>>>>> I agree with most of your comments. Judging from the >>>>> >>>>> >>>>> "emotional outcry" we >>>>> >>>>>>> received at the last IDRM meeting (Salt Lake City IETF, >>>>> >>>>> >>>>> end of 2001), DRM >>>>> >>>>>>> seems to mean different things to different people. >>>>>>> >>>>>>> >>>>>>> At 12/11/2002||09:23 AM, Gord Larose wrote: >>>>>>> >>>>>>>> Hello: >>>>>>>> Most of you on the list will not know me, as I came >>>>> >>>>> >>>>> in during your >>>>> >>>>>> period >>>>>> >>>>>>>> of dormancy. I too have been mulling these issues, as >>>>> >>>>> >>>>> the DRM company >>>>> >>>>>> that >>>>>> >>>>>>>> I helped found (NetActive) struggled like most others in >>>>> >>>>> >>>>> the space. >>>>> >>>>>>>> I think there are two classes of issues here - the >>>>> >>>>> >>>>> social-advocacy ones >>>>> >>>>>>>> and the technical ones. >>>>>>>> >>>>>>>> The social-advocacy issues are horribly subjective. The >>>>> >>>>> >>>>> concerns were >>>>> >>>>>>>> well expressed in Mark's email, and we could spend >>>>> >>>>> >>>>> thousands of words >>>>> >>>>>>>> debating them. For what it >>>>>>>> is worth, I believe that DRM is not philosophically >>>>> >>>>> >>>>> wrong, and further, >>>>> >>>>>> that >>>>>> >>>>>>>> it is commercially necessary. However, I do not believe >>>>> >>>>> >>>>> that the current >>>>> >>>>>>>> "axis of greed" between Hollywood and Washington >>> >>> >>> serves the best >>> >>>>>> interests >>>>>> >>>>>>>> of American citizens and, as a Canadian, I am very >>>>> >>>>> >>>>> concerned about the >>>>> >>>>>>>> United States' efforts to impose its draconian views >>> >>> >>> of copyright >>> >>>>>>>> enforcement on the rest of the world. >>>>>>>> Good DRM does not have to put Big Brother on your hard >>>>> >>>>> >>>>> drive. If it >>>>> >>>>>> does, >>>>>> >>>>>>>> then the price is too high. >>>>>>> >>>>>>> >>>>>>> Right. So one of the notions we put forward in the IETF >>>>> >>>>> >>>>> was: is it at all >>>>> >>>>>>> possible to create "open-source DRM technologies", so >>> >>> >>> that small >>> >>>>>>> mom-and-pop publishers need not pay $$$ for proprietary >>>>> >>>>> >>>>> solutions. The >>>>> >>>>>>> analogy is that with Linux and the Apache webserver, >>>>> >>>>> >>>>> which are available >>>>> >>>>>>> for around $30. >>>>>>> Another useful comparison in the RSA encryption >>>>> >>>>> >>>>> algorithm, which is good >>>>> >>>>>>> technology, well understood, standardized and now finally >>>>> >>>>> >>>>> over the patent >>>>> >>>>>>> hurdle. >>>>>>> >>>>>>> I realize that some folks take the (radical) position of >>>>> >>>>> >>>>> being against any >>>>> >>>>>>> development of DRM technology whatsoever. The best way >>>>> >>>>> >>>>> to ensure Big >>>>> >>>>>>> Brother does not happen is to go against any work >>>>> >>>>> >>>>> relating to DRM. The >>>>> >>>>>>> reality is that DRM Technology is here to stay >>>>> >>>>> >>>>> (proprietary), whether we >>>>> >>>>>>> like it or not. It will ship inside PCs and in consumer >>>>> >>>>> >>>>> electronics >>>>> >>>>>>> devices. I think such a position actually helps the Big >>>>> >>>>> >>>>> Brother syndrome, >>>>> >>>>>>> as it does not provide an option to the general public as >>>>> >>>>> >>>>> to alternative >>>>> >>>>>>> sources of technology. >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>>> On a philosophical level then, I say there is a need for >>>>> >>>>> >>>>> smart people to >>>>> >>>>>>>> build workable DRM that citizens can live with. >>>>>>>> >>>>>>>> The point issue of this technical group's mandate is >>>>> >>>>> >>>>> much clearer IMO. >>>>> >>>>>> The >>>>>> >>>>>>>> core >>>>>>>> technology challenges for DRM are terminal node >>>>> >>>>> >>>>> challenges, not network >>>>> >>>>>>>> challenges. Sure, a network is usually involved, but DRM >>>>> >>>>> >>>>> is nothing >>>>> >>>>>> special >>>>>> >>>>>>>> for the network. DRM's basic network needs are nothing >>>>> >>>>> >>>>> harder than >>>>> >>>>>>>> http/https over tcp/ip. And the terminal mode challenges >>>>> >>>>> >>>>> are largely >>>>> >>>>>> about >>>>>> >>>>>>>> things like tamper-resistance, which are proprietary >>> >>> >>> and not very >>> >>>>>> amenable >>>>>> >>>>>>>> to >>>>>>>> standardization. It's not something where an IETF group >>>>> >>>>> >>>>> adds much value. >>>>> >>>>>>> Right. This is where the word "DRM" is I think a >>>>> >>>>> >>>>> misnomer for the IETF >>>>> >>>>>>> efforts. You are absolutely right, that DRM is indeed >>>>> >>>>> >>>>> "terminal node >>>>> >>>>>>> challenges" (ie. development of rights-enforcing >>>>> >>>>> >>>>> terminals), which is not >>>>> >>>>>>> the traditional area of work for the IETF. >>>>>>> >>>>>>> However, there some network issues that is part of what I >>>>> >>>>> >>>>> call the "DRM >>>>> >>>>>>> macrocosm", which included functions relating to >>>>> >>>>> >>>>> look-ups, secure network >>>>> >>>>>>> storage, transaction clearinghouse, etc. These would >>> >>> >>> appear to be >>> >>>>>> suitable >>>>>> >>>>>>> for work items in the IETF. >>>>>>> >>>>>>> Thus, one possible change to IDRM is a new name that is >>>>> >>>>> >>>>> less likely to be >>>>> >>>>>>> controversial. >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>>> So where does that leave the group ? Seems to me the >>>>> >>>>> >>>>> options include: >>>>> >>>>>>>> 1) disband >>>>>>>> 2) generalize the focus to a multidisciplinary one, >>>>> >>>>> >>>>> along the lines of >>>>> >>>>>>>> http://www.bcdforum.org . (Though I have to confess >>> >>> >>> I find that >>> >>>>>> organization >>>>>> >>>>>>>> lacking substance.) >>>>>>>> 3) Find specific technical problems that are obstacles >>>>> >>>>> >>>>> to good (i.e. >>>>> >>>>>>>> effective but not Orwellian) DRM, which are going >>>>> >>>>> >>>>> begging, and in scope, >>>>> >>>>>>>> and work on solutions. >>>>>>>> >>>>>>>> I don't have a top-of-mind suggestion for #3, but it >>>>> >>>>> >>>>> sounds like the most >>>>> >>>>>>>> fun! >>>>>>> >>>>>>> >>>>>>> Yes, the keyword is "fun". Perhaps others on the list >>>>> >>>>> >>>>> may have specific >>>>> >>>>>>> suggestions? >>>>>>> >>>>>>> cheers, >>>>>>> >>>>>>> thomas >>>>>>> ------ >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>>> Other thoughts ??? >>>>>>>> >>>>>>>> Best Regards, >>>>>>>> Gord Larose >>>>>>>> >>>>>>>> ----- Original Message ----- >>>>>>>> From: "Mark Baugher" >>>>>>>> To: >>>>>>>> Cc: ; "Vern Paxson" >>>>>>>> Sent: Tuesday, December 10, 2002 6:43 PM >>>>>>>> Subject: [IDRM] Disband or recharter IDRM? >>>>>>>> >>>>>>>> >>>>>>>>> IDRM has obviously been dormant for about a year. >>>>>>>>> SNIP< >>>>>>> >>>>>>> >> >> > > From jpolimen@us.ibm.com Thu Dec 12 13:54:18 2002 From: jpolimen@us.ibm.com (Joe Polimeni) Date: Thu, 12 Dec 2002 08:54:18 -0500 Subject: [IETF-IDRM] RE: [IDRM] Disband or recharter IDRM? Message-ID: I believe the best thing the group could do is: 1. Define the file format (a.k.a. package format) for a DRM protected file. Currently each DRM products has it's own proprietary format. 2. Recommend a rights expression language (ORDL or XrML). 3. Recommend a key flow. The group should stay away any ideological issues. DRM will be used in a variety of situations, not just for music or video. Unless we want a single company to set the direction and provide all the tools we need to set standards. I also think the group should stay away from the technology for developing the "client." Each individual company should make its own protected client, and the content owner can restrict which client can use the content with certificates. Joe ----- Forwarded by Joe Polimeni/Fort Lauderdale/IBM on 12/12/2002 08:45 AM ----- Paul Lambert tworks.Com> cc: ietf-idrm@lists.elistx.com Subject: RE: [IDRM] Disband or recharter IDRM? 12/11/2002 08:37 PM > Paul > www.irtf.org is the main page from which you can navigate > to the IDRM > page, which is where the RG deliverables are described. Yes, but .. The 'deliverables' are not clear ... for example: "The IDRM Research Group will begin its work by surveying the area of Digital Rights Management (DRM), and develop a coherent taxonomy of problems related to DRM with their inter- relationships." I'm not sure how I would use this result. Picking a smaller clearer deliverable would hopefully get more interest and involvement. Paul > -----Original Message----- > From: Mark Baugher [mailto:mbaugher@cisco.com] > Sent: Wednesday, December 11, 2002 5:26 PM > To: Paul Lambert > Cc: ietf-idrm@lists.elistx.com > Subject: RE: [IDRM] Disband or recharter IDRM? > > > Paul > www.irtf.org is the main page from which you can navigate > to the IDRM > page, which is where the RG deliverables are described. > > Mark > At 05:16 PM 12/11/2002 -0800, Paul Lambert wrote: > > > > Just so we are all on the same page, a stated "business > reason" is not > > > among the criteria used to establish and guide an > Internet Research Task > > > Force (IRTF) Research Group such as IDRM > > > >There needs to be some reason for the community at large to > participate. > > > > > Force (IRTF) Research Group such as IDRM > > > (ftp://ftp.rfc-editor.org/in-notes/rfc2014.txt) > > > > > >Which says: > > > > The products of a Research Group are research > > results that may be disseminated by publication in > scholarly journals > > and conferences, as white papers for the community, as > Informational > > RFCs, and so on. In addition, it is expected that technologies > > developed in a Research Group will be brought to the > IETF as input to > > IETF Working Group(s) for possible standardization. > > > >It does not say 'discussion forum'. What are the specific > work products > >for this group? > > > > > >Paul > > > > > -----Original Message----- > > > From: Mark Baugher [mailto:mbaugher@cisco.com] > > > Sent: Wednesday, December 11, 2002 3:22 PM > > > To: Paul Lambert > > > Cc: ietf-idrm@lists.elistx.com > > > Subject: RE: [IDRM] Disband or recharter IDRM? > > > > > > > > > At 02:57 PM 12/11/2002 -0800, Paul Lambert wrote: > > > > > > > > Please, I do not have a business need for these emails. > > > > > > > >Perhaps no one has a business reason for this committee and > > > it should be > > > >disbanded. > > > > > > Just so we are all on the same page, a stated "business > > > reason" is not > > > among the criteria used to establish and guide an Internet > > > Research Task > > > Force (IRTF) Research Group such as IDRM > > > (ftp://ftp.rfc-editor.org/in-notes/rfc2014.txt) > > > > > > Mark > > > > > > > > > >Business reasons for a specific technology does not > > > guarentee that there > > > >is any reason for an open interoperable standard. > > > > > > > > > > > >Paul > > > > > > > > > -----Original Message----- > > > > > From: Theisen, Isabelle > [mailto:Isabelle.Theisen@unistudios.com] > > > > > Sent: Wednesday, December 11, 2002 2:48 PM > > > > > To: 'Thomas Hardjono'; 'ietf-idrm@lists.elistx.com'; > > > > > 'glarose@info-mech.com'; 'mbaugher@cisco.com' > > > > > Subject: RE: [IDRM] Disband or recharter IDRM? > > > > > > > > > > > > > > > Please, I do not have a business need for these emails. > > > > > Please, remove from the list. > > > > > > > > > > > > > > > -----Original Message----- > > > > > From: Thomas Hardjono [mailto:thardjono@yahoo.com] > > > > > Sent: Wednesday, December 11, 2002 2:09 PM > > > > > To: Gord Larose > > > > > Cc: ietf-idrm@lists.elistx.com > > > > > Subject: Re: [IDRM] Disband or recharter IDRM? > > > > > > > > > > > > > > > At 12/11/2002||03:16 PM, Gord Larose wrote: > > > > > >Hi Thomas, > > > > > >Thanks for the feedback and update. At a high level I > > > agree with you > > > > > >completely. > > > > > > > > > > > >However, at a technical level, "Open source DRM" makes my > > > > > brain hurt. It's > > > > > >hard enough hide anything in BINARY inside a PC; but like it > > > > > or not, that's > > > > > >one thing DRM has to do. I should know... the NetActive > > > > > technology I was > > > > > >largely responsible for addresses exactly that problem. That > > > > > technology has > > > > > >never, to my knowledge, been publicly cracked... but I doubt > > > > > that would have > > > > > >been true if we'd published the source ! > > > > > > > > > > Yes, I agree: "open source DRM" makes my brain hurt too :) > > > > > However, this > > > > > seems to be the only way to provide an alternative to > proprietary > > > > > technology. In many cases, perhaps the mom-and-pop > > > > > "publisher" does not > > > > > need 100% hack-proof DRM (maybe not even 90% hack-proof), but > > > > > enough to > > > > > discourage non-technical people from trying to break it. > > > > > > > > > > > > > > > >And from a business perspective, Mom & Pop businesses > > > already have > > > > > >inexpensive, low-end protection technologies > available e.g. from > > > > > >third-party software TBYB wrappers, or via, say, Windows > > > > > Media Player DRM. > > > > > >The obstacles are more about complexity, churn, supplier > > > > > viability, trust, > > > > > >and branding, than about cost or availability. > > > > > > > > > > Hmm, I'm not sure I follow here. WMP is only for certain > > > > > types of contents > > > > > (e.g. not books, newspapers, newletters, etc). > > > > > > > > > > > > > > > > > > > > >So we'd have to be careful about what the values of such a > > > > > system were... if > > > > > >we could figure out how it would work ! > > > > > > > > > > > >Here's an entertaining thought: suppose we emphasize TRUST > > > > > and CONTINUITY. > > > > > >Maybe we could even subvert Palladium and the Fritz Chip to > > > > > nobler ends ? > > > > > >i.e. a system that WILL, in some sense, robustly protect > > > > > content, but WILL > > > > > >NOT - as a matter of the supplier's policy - do any of the > > > > > things that > > > > > >consumers and libertarians rightly fear ? And a further > > > benefit of an > > > > > >open-source (that may not be the right term, maybe > > > > > "distributed ownership" > > > > > >is better) model could be the continuing availability of the > > > > > solution e.g. > > > > > >Red Hat may die, but Linux won't. > > > > > > > > > > > > > > > OK, so this is a *very* interesting question. These are > > > the types of > > > > > questions that needs to be discussed in a open forum and > > > > > where pieces of it > > > > > can be standardized (the way many pieces of Linux has been > > > > > standardized). > > > > > > > > > > cheers, > > > > > > > > > > thomas > > > > > ------ > > > > > > > > > > > > > > > > > > > > >I'm not sure how to do this, but maybe we could > figure it out ! > > > > > > > > > > > >Cheers, > > > > > > Gord 8-) > > > > > > > > > > > > > > > > > > > > > > > >----- Original Message ----- > > > > > >From: "Thomas Hardjono" > > > > > >To: ; > > > > > >Sent: Wednesday, December 11, 2002 12:55 PM > > > > > >Subject: Re: [IDRM] Disband or recharter IDRM? > > > > > > > > > > > > > > > > > > > > > > > > > > Gord, > > > > > > > > > > > > > > I agree with most of your comments. Judging from the > > > > > "emotional outcry" we > > > > > > > received at the last IDRM meeting (Salt Lake City IETF, > > > > > end of 2001), DRM > > > > > > > seems to mean different things to different people. > > > > > > > > > > > > > > > > > > > > > At 12/11/2002||09:23 AM, Gord Larose wrote: > > > > > > > >Hello: > > > > > > > > Most of you on the list will not know me, as I came > > > > > in during your > > > > > >period > > > > > > > >of dormancy. I too have been mulling these issues, as > > > > > the DRM company > > > > > >that > > > > > > > >I helped found (NetActive) struggled like most others in > > > > > the space. > > > > > > > > > > > > > > > >I think there are two classes of issues here - the > > > > > social-advocacy ones > > > > > > > >and the technical ones. > > > > > > > > > > > > > > > >The social-advocacy issues are horribly subjective. The > > > > > concerns were > > > > > > > >well expressed in Mark's email, and we could spend > > > > > thousands of words > > > > > > > >debating them. For what it > > > > > > > >is worth, I believe that DRM is not philosophically > > > > > wrong, and further, > > > > > >that > > > > > > > >it is commercially necessary. However, I do not believe > > > > > that the current > > > > > > > >"axis of greed" between Hollywood and Washington > > > serves the best > > > > > >interests > > > > > > > >of American citizens and, as a Canadian, I am very > > > > > concerned about the > > > > > > > >United States' efforts to impose its draconian views > > > of copyright > > > > > > > >enforcement on the rest of the world. > > > > > > > > Good DRM does not have to put Big Brother on your hard > > > > > drive. If it > > > > > >does, > > > > > > > >then the price is too high. > > > > > > > > > > > > > > Right. So one of the notions we put forward in the IETF > > > > > was: is it at all > > > > > > > possible to create "open-source DRM technologies", so > > > that small > > > > > > > mom-and-pop publishers need not pay $$$ for proprietary > > > > > solutions. The > > > > > > > analogy is that with Linux and the Apache webserver, > > > > > which are available > > > > > > > for around $30. > > > > > > > Another useful comparison in the RSA encryption > > > > > algorithm, which is good > > > > > > > technology, well understood, standardized and now finally > > > > > over the patent > > > > > > > hurdle. > > > > > > > > > > > > > > I realize that some folks take the (radical) position of > > > > > being against any > > > > > > > development of DRM technology whatsoever. The best way > > > > > to ensure Big > > > > > > > Brother does not happen is to go against any work > > > > > relating to DRM. The > > > > > > > reality is that DRM Technology is here to stay > > > > > (proprietary), whether we > > > > > > > like it or not. It will ship inside PCs and in consumer > > > > > electronics > > > > > > > devices. I think such a position actually helps the Big > > > > > Brother syndrome, > > > > > > > as it does not provide an option to the general public as > > > > > to alternative > > > > > > > sources of technology. > > > > > > > > > > > > > > > > > > > > > > > > > > > > >On a philosophical level then, I say there is a need for > > > > > smart people to > > > > > > > >build workable DRM that citizens can live with. > > > > > > > > > > > > > > > >The point issue of this technical group's mandate is > > > > > much clearer IMO. > > > > > >The > > > > > > > >core > > > > > > > >technology challenges for DRM are terminal node > > > > > challenges, not network > > > > > > > >challenges. Sure, a network is usually involved, but DRM > > > > > is nothing > > > > > >special > > > > > > > >for the network. DRM's basic network needs are nothing > > > > > harder than > > > > > > > >http/https over tcp/ip. And the terminal mode challenges > > > > > are largely > > > > > >about > > > > > > > >things like tamper-resistance, which are proprietary > > > and not very > > > > > >amenable > > > > > > > >to > > > > > > > >standardization. It's not something where an IETF group > > > > > adds much value. > > > > > > > > > > > > > > Right. This is where the word "DRM" is I think a > > > > > misnomer for the IETF > > > > > > > efforts. You are absolutely right, that DRM is indeed > > > > > "terminal node > > > > > > > challenges" (ie. development of rights-enforcing > > > > > terminals), which is not > > > > > > > the traditional area of work for the IETF. > > > > > > > > > > > > > > However, there some network issues that is part of what I > > > > > call the "DRM > > > > > > > macrocosm", which included functions relating to > > > > > look-ups, secure network > > > > > > > storage, transaction clearinghouse, etc. These would > > > appear to be > > > > > >suitable > > > > > > > for work items in the IETF. > > > > > > > > > > > > > > Thus, one possible change to IDRM is a new name that is > > > > > less likely to be > > > > > > > controversial. > > > > > > > > > > > > > > > > > > > > > > > > > > > > >So where does that leave the group ? Seems to me the > > > > > options include: > > > > > > > >1) disband > > > > > > > >2) generalize the focus to a multidisciplinary one, > > > > > along the lines of > > > > > > > >http://www.bcdforum.org . (Though I have to confess > > > I find that > > > > > >organization > > > > > > > >lacking substance.) > > > > > > > >3) Find specific technical problems that are obstacles > > > > > to good (i.e. > > > > > > > >effective but not Orwellian) DRM, which are going > > > > > begging, and in scope, > > > > > > > >and work on solutions. > > > > > > > > > > > > > > > >I don't have a top-of-mind suggestion for #3, but it > > > > > sounds like the most > > > > > > > >fun! > > > > > > > > > > > > > > Yes, the keyword is "fun". Perhaps others on the list > > > > > may have specific > > > > > > > suggestions? > > > > > > > > > > > > > > cheers, > > > > > > > > > > > > > > thomas > > > > > > > ------ > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > >Other thoughts ??? > > > > > > > > > > > > > > > >Best Regards, > > > > > > > > Gord Larose > > > > > > > > > > > > > > > >----- Original Message ----- > > > > > > > >From: "Mark Baugher" > > > > > > > >To: > > > > > > > >Cc: ; "Vern Paxson" > > > > > > > >Sent: Tuesday, December 10, 2002 6:43 PM > > > > > > > >Subject: [IDRM] Disband or recharter IDRM? > > > > > > > > > > > > > > > > > IDRM has obviously been dormant for about a year. > > > > > > > > >SNIP< > > > > > > > > > > > > > > > > From jpolimen@us.ibm.com Thu Dec 12 13:57:46 2002 From: jpolimen@us.ibm.com (Joe Polimeni) Date: Thu, 12 Dec 2002 08:57:46 -0500 Subject: [IETF-IDRM] RE: [IDRM] Disband or recharter IDRM? Message-ID: I believe the group should survive. The patent issues can be localized to the client software for protection. There are standards needed: 1. The content package format. 2. The rights expression language. How the content is actually protected can be a patent issue and may actually be handled by hardware. Regards, Joe Paul Lambert cc: "Theisen, Isabelle" , Thomas Hardjono , ietf-idrm@lists.elistx.com, 12/11/2002 08:07 PM glarose@info-mech.com, mbaugher@cisco.com Subject: RE: [IDRM] Disband or recharter IDRM? Yes ... there are business needs for DRM, but vendors that field DRM solutions are not compelled to make them a 'open' standard. DRM, when used for content protection is an exclusionary technology that provides no incentive to create open standards. DRM is a very broad topic. The politically exciting areas of file sharing and 'protecting' audio or video content are not a good places to create a 'research group'. What you need is a business reason for groups to cooperate. DRM (from content providers) forces a usage model on end-systems that does not expect or require cooperation. Proprietary and patented technologies are an advantage because they are harder to reverse engineer and the patents are part of licensing policies that protect the implementations. An irtf research group should not be just a discussion forum. Real problems should be solved. For a work area to be successful, the focus must be clear. There are problems that could be solved by DRM-ish technologies. For example, spam filters could be improved with 'digital rights management' technologies. However, this type of work would be more focused and successful as an anti-spam research group than a DRM task. DRM is a very overloaded and heavily patented term. Fairly simple concepts of key management and public key based signatures have been converted into patented techniques for DRM. The identical techniques were used for secure messaging in the late 80's. The patent issues alone are a good reason to kill the working group and start specific focused efforts on solving specific problems. Paul > -----Original Message----- > From: Lisa Rein [mailto:lisarein@finetuning.com] > Sent: Wednesday, December 11, 2002 4:39 PM > To: Paul Lambert > Cc: Theisen, Isabelle; Thomas Hardjono; ietf-idrm@lists.elistx.com; > glarose@info-mech.com; mbaugher@cisco.com > Subject: Re: [IDRM] Disband or recharter IDRM? > > > Hi Paul, > > On the contrary. Business reasons for a specific technology are > *exactly* what defines the need for an open interoperable standard. > > Thanks, > > Lisa Rein > > http://www.finetuning.com > > Paul Lambert wrote: > > > Perhaps no one has a business reason for this committee and > it should be disbanded. > > > > Business reasons for a specific technology does not > guarentee that there is any reason for an open interoperable standard. > > > > > > Paul > > > > > >>-----Original Message----- > >>From: Theisen, Isabelle [mailto:Isabelle.Theisen@unistudios.com] > >>Sent: Wednesday, December 11, 2002 2:48 PM > >>To: 'Thomas Hardjono'; 'ietf-idrm@lists.elistx.com'; > >>'glarose@info-mech.com'; 'mbaugher@cisco.com' > >>Subject: RE: [IDRM] Disband or recharter IDRM? > >> > >> > >>Please, I do not have a business need for these emails. > >>Please, remove from the list. > >> > >> > >>-----Original Message----- > >>From: Thomas Hardjono [mailto:thardjono@yahoo.com] > >>Sent: Wednesday, December 11, 2002 2:09 PM > >>To: Gord Larose > >>Cc: ietf-idrm@lists.elistx.com > >>Subject: Re: [IDRM] Disband or recharter IDRM? > >> > >> > >>At 12/11/2002||03:16 PM, Gord Larose wrote: > >> > >>>Hi Thomas, > >>>Thanks for the feedback and update. At a high level I > agree with you > >>>completely. > >>> > >>>However, at a technical level, "Open source DRM" makes my > >> > >>brain hurt. It's > >> > >>>hard enough hide anything in BINARY inside a PC; but like it > >> > >>or not, that's > >> > >>>one thing DRM has to do. I should know... the NetActive > >> > >>technology I was > >> > >>>largely responsible for addresses exactly that problem. That > >> > >>technology has > >> > >>>never, to my knowledge, been publicly cracked... but I doubt > >> > >>that would have > >> > >>>been true if we'd published the source ! > >> > >>Yes, I agree: "open source DRM" makes my brain hurt too :) > >>However, this > >>seems to be the only way to provide an alternative to proprietary > >>technology. In many cases, perhaps the mom-and-pop > >>"publisher" does not > >>need 100% hack-proof DRM (maybe not even 90% hack-proof), but > >>enough to > >>discourage non-technical people from trying to break it. > >> > >> > >> > >>>And from a business perspective, Mom & Pop businesses already have > >>>inexpensive, low-end protection technologies available e.g. from > >>>third-party software TBYB wrappers, or via, say, Windows > >> > >>Media Player DRM. > >> > >>>The obstacles are more about complexity, churn, supplier > >> > >>viability, trust, > >> > >>>and branding, than about cost or availability. > >> > >>Hmm, I'm not sure I follow here. WMP is only for certain > >>types of contents > >>(e.g. not books, newspapers, newletters, etc). > >> > >> > >> > >> > >>>So we'd have to be careful about what the values of such a > >> > >>system were... if > >> > >>>we could figure out how it would work ! > >>> > >>>Here's an entertaining thought: suppose we emphasize TRUST > >> > >>and CONTINUITY. > >> > >>>Maybe we could even subvert Palladium and the Fritz Chip to > >> > >>nobler ends ? > >> > >>>i.e. a system that WILL, in some sense, robustly protect > >> > >>content, but WILL > >> > >>>NOT - as a matter of the supplier's policy - do any of the > >> > >>things that > >> > >>>consumers and libertarians rightly fear ? And a further > benefit of an > >>>open-source (that may not be the right term, maybe > >> > >>"distributed ownership" > >> > >>>is better) model could be the continuing availability of the > >> > >>solution e.g. > >> > >>>Red Hat may die, but Linux won't. > >> > >> > >>OK, so this is a *very* interesting question. These are > the types of > >>questions that needs to be discussed in a open forum and > >>where pieces of it > >>can be standardized (the way many pieces of Linux has been > >>standardized). > >> > >>cheers, > >> > >>thomas > >>------ > >> > >> > >> > >> > >>>I'm not sure how to do this, but maybe we could figure it out ! > >>> > >>>Cheers, > >>> Gord 8-) > >>> > >>> > >>> > >>>----- Original Message ----- > >>>From: "Thomas Hardjono" > >>>To: ; > >>>Sent: Wednesday, December 11, 2002 12:55 PM > >>>Subject: Re: [IDRM] Disband or recharter IDRM? > >>> > >>> > >>> > >>>>Gord, > >>>> > >>>>I agree with most of your comments. Judging from the > >> > >>"emotional outcry" we > >> > >>>>received at the last IDRM meeting (Salt Lake City IETF, > >> > >>end of 2001), DRM > >> > >>>>seems to mean different things to different people. > >>>> > >>>> > >>>>At 12/11/2002||09:23 AM, Gord Larose wrote: > >>>> > >>>>>Hello: > >>>>> Most of you on the list will not know me, as I came > >> > >>in during your > >> > >>>period > >>> > >>>>>of dormancy. I too have been mulling these issues, as > >> > >>the DRM company > >> > >>>that > >>> > >>>>>I helped found (NetActive) struggled like most others in > >> > >>the space. > >> > >>>>>I think there are two classes of issues here - the > >> > >>social-advocacy ones > >> > >>>>>and the technical ones. > >>>>> > >>>>>The social-advocacy issues are horribly subjective. The > >> > >>concerns were > >> > >>>>>well expressed in Mark's email, and we could spend > >> > >>thousands of words > >> > >>>>>debating them. For what it > >>>>>is worth, I believe that DRM is not philosophically > >> > >>wrong, and further, > >> > >>>that > >>> > >>>>>it is commercially necessary. However, I do not believe > >> > >>that the current > >> > >>>>>"axis of greed" between Hollywood and Washington serves the best > >>> > >>>interests > >>> > >>>>>of American citizens and, as a Canadian, I am very > >> > >>concerned about the > >> > >>>>>United States' efforts to impose its draconian views of copyright > >>>>>enforcement on the rest of the world. > >>>>> Good DRM does not have to put Big Brother on your hard > >> > >>drive. If it > >> > >>>does, > >>> > >>>>>then the price is too high. > >>>> > >>>>Right. So one of the notions we put forward in the IETF > >> > >>was: is it at all > >> > >>>>possible to create "open-source DRM technologies", so that small > >>>>mom-and-pop publishers need not pay $$$ for proprietary > >> > >>solutions. The > >> > >>>>analogy is that with Linux and the Apache webserver, > >> > >>which are available > >> > >>>>for around $30. > >>>>Another useful comparison in the RSA encryption > >> > >>algorithm, which is good > >> > >>>>technology, well understood, standardized and now finally > >> > >>over the patent > >> > >>>>hurdle. > >>>> > >>>>I realize that some folks take the (radical) position of > >> > >>being against any > >> > >>>>development of DRM technology whatsoever. The best way > >> > >>to ensure Big > >> > >>>>Brother does not happen is to go against any work > >> > >>relating to DRM. The > >> > >>>>reality is that DRM Technology is here to stay > >> > >>(proprietary), whether we > >> > >>>>like it or not. It will ship inside PCs and in consumer > >> > >>electronics > >> > >>>>devices. I think such a position actually helps the Big > >> > >>Brother syndrome, > >> > >>>>as it does not provide an option to the general public as > >> > >>to alternative > >> > >>>>sources of technology. > >>>> > >>>> > >>>> > >>>> > >>>>>On a philosophical level then, I say there is a need for > >> > >>smart people to > >> > >>>>>build workable DRM that citizens can live with. > >>>>> > >>>>>The point issue of this technical group's mandate is > >> > >>much clearer IMO. > >> > >>>The > >>> > >>>>>core > >>>>>technology challenges for DRM are terminal node > >> > >>challenges, not network > >> > >>>>>challenges. Sure, a network is usually involved, but DRM > >> > >>is nothing > >> > >>>special > >>> > >>>>>for the network. DRM's basic network needs are nothing > >> > >>harder than > >> > >>>>>http/https over tcp/ip. And the terminal mode challenges > >> > >>are largely > >> > >>>about > >>> > >>>>>things like tamper-resistance, which are proprietary and not very > >>> > >>>amenable > >>> > >>>>>to > >>>>>standardization. It's not something where an IETF group > >> > >>adds much value. > >> > >>>>Right. This is where the word "DRM" is I think a > >> > >>misnomer for the IETF > >> > >>>>efforts. You are absolutely right, that DRM is indeed > >> > >>"terminal node > >> > >>>>challenges" (ie. development of rights-enforcing > >> > >>terminals), which is not > >> > >>>>the traditional area of work for the IETF. > >>>> > >>>>However, there some network issues that is part of what I > >> > >>call the "DRM > >> > >>>>macrocosm", which included functions relating to > >> > >>look-ups, secure network > >> > >>>>storage, transaction clearinghouse, etc. These would appear to be > >>> > >>>suitable > >>> > >>>>for work items in the IETF. > >>>> > >>>>Thus, one possible change to IDRM is a new name that is > >> > >>less likely to be > >> > >>>>controversial. > >>>> > >>>> > >>>> > >>>> > >>>>>So where does that leave the group ? Seems to me the > >> > >>options include: > >> > >>>>>1) disband > >>>>>2) generalize the focus to a multidisciplinary one, > >> > >>along the lines of > >> > >>>>>http://www.bcdforum.org . (Though I have to confess I find that > >>> > >>>organization > >>> > >>>>>lacking substance.) > >>>>>3) Find specific technical problems that are obstacles > >> > >>to good (i.e. > >> > >>>>>effective but not Orwellian) DRM, which are going > >> > >>begging, and in scope, > >> > >>>>>and work on solutions. > >>>>> > >>>>>I don't have a top-of-mind suggestion for #3, but it > >> > >>sounds like the most > >> > >>>>>fun! > >>>> > >>>>Yes, the keyword is "fun". Perhaps others on the list > >> > >>may have specific > >> > >>>>suggestions? > >>>> > >>>>cheers, > >>>> > >>>>thomas > >>>>------ > >>>> > >>>> > >>>> > >>>> > >>>> > >>>> > >>>>>Other thoughts ??? > >>>>> > >>>>>Best Regards, > >>>>> Gord Larose > >>>>> > >>>>>----- Original Message ----- > >>>>>From: "Mark Baugher" > >>>>>To: > >>>>>Cc: ; "Vern Paxson" > >>>>>Sent: Tuesday, December 10, 2002 6:43 PM > >>>>>Subject: [IDRM] Disband or recharter IDRM? > >>>>> > >>>>> > >>>>>>IDRM has obviously been dormant for about a year. > >>>>>>SNIP< > >>>> > > > > > > From mbaugher@cisco.com Thu Dec 12 16:24:48 2002 From: mbaugher@cisco.com (Mark Baugher) Date: Thu, 12 Dec 2002 08:24:48 -0800 Subject: [IETF-IDRM] RE: [IDRM] Disband or recharter IDRM? In-Reply-To: Message-ID: <5.1.1.5.2.20021212080952.0442c6e0@mira-sjc5-6.cisco.com> hi Joe, At 08:54 AM 12/12/2002 -0500, Joe Polimeni wrote: >I believe the best thing the group could do is: >1. Define the file format (a.k.a. package format) for a DRM protected >file. Currently each DRM products has it's own proprietary format. The Internet Streaming Media Alliance is defining an MP4 file format for encrypted media streams. This will likely be an open standard though the work is not yet publicly available - it will probably be available in a matter of months. >2. Recommend a rights expression language (ORDL or XrML). MPEG-21 is doing this I think >3. Recommend a key flow. This is something that is more of an internet infrastructure issue and is an area that I thought would be appropriate for IDRM. Content identification systems are another area. The interest in these topics has been thin up to this point. But, keys are an interesting problem, particularly keys for consumers. There are not yet large-scale public key infrastructures capable of supporting consumer access to entertainment content, and I don't know of any under development. Many people think that this type of technology is unsuitable for widespread, consumer use. Smart cards are perhaps the most widely used solution in digital television. Internet entertainment systems typically will have a back channel and a variety of means for authorization and authentication of devices and even people. It's not clear what the best solution will if the content is encrypted, which is something that Hollywood typically requires. I have come to believe that it would be best if we could dispense with encryption and cryptography altogether. I don't think much would be lost besides a lot of expense and complexity in consumer devices. >The group should stay away any ideological issues. DRM will be used in a >variety of situations, not just for music or video. Unless we want a >single company to set the direction and provide all the tools we need to >set standards. I agree. >I also think the group should stay away from the technology for developing >the "client." Each individual company should make its own protected >client, and the content owner can restrict which client can use the content >with certificates. Yes, I think we should focus on the infrastructure technology components. Mark >Joe > >----- Forwarded by Joe Polimeni/Fort Lauderdale/IBM on 12/12/2002 08:45 AM >----- > > > Paul > Lambert > > > tworks.Com> cc: > ietf-idrm@lists.elistx.com > Subject: RE: [IDRM] > Disband or recharter IDRM? > 12/11/2002 08:37 > PM > > > > > > > > > > > > > Paul > > www.irtf.org is the main page from which you can navigate > > to the IDRM > > page, which is where the RG deliverables are described. > >Yes, but .. > >The 'deliverables' are not clear ... for example: > >"The IDRM Research Group will begin its work by surveying the area of >Digital Rights Management (DRM), and develop a coherent taxonomy of >problems related to DRM with their inter- relationships." > >I'm not sure how I would use this result. > >Picking a smaller clearer deliverable would hopefully get more interest and >involvement. > >Paul > > > > > > > -----Original Message----- > > From: Mark Baugher [mailto:mbaugher@cisco.com] > > Sent: Wednesday, December 11, 2002 5:26 PM > > To: Paul Lambert > > Cc: ietf-idrm@lists.elistx.com > > Subject: RE: [IDRM] Disband or recharter IDRM? > > > > > > Paul > > www.irtf.org is the main page from which you can navigate > > to the IDRM > > page, which is where the RG deliverables are described. > > > > Mark > > At 05:16 PM 12/11/2002 -0800, Paul Lambert wrote: > > > > > > Just so we are all on the same page, a stated "business > > reason" is not > > > > among the criteria used to establish and guide an > > Internet Research Task > > > > Force (IRTF) Research Group such as IDRM > > > > > >There needs to be some reason for the community at large to > > participate. > > > > > > > Force (IRTF) Research Group such as IDRM > > > > (ftp://ftp.rfc-editor.org/in-notes/rfc2014.txt) > > > > > > > > >Which says: > > > > > > The products of a Research Group are research > > > results that may be disseminated by publication in > > scholarly journals > > > and conferences, as white papers for the community, as > > Informational > > > RFCs, and so on. In addition, it is expected that technologies > > > developed in a Research Group will be brought to the > > IETF as input to > > > IETF Working Group(s) for possible standardization. > > > > > >It does not say 'discussion forum'. What are the specific > > work products > > >for this group? > > > > > > > > >Paul > > > > > > > -----Original Message----- > > > > From: Mark Baugher [mailto:mbaugher@cisco.com] > > > > Sent: Wednesday, December 11, 2002 3:22 PM > > > > To: Paul Lambert > > > > Cc: ietf-idrm@lists.elistx.com > > > > Subject: RE: [IDRM] Disband or recharter IDRM? > > > > > > > > > > > > At 02:57 PM 12/11/2002 -0800, Paul Lambert wrote: > > > > > > > > > > Please, I do not have a business need for these emails. > > > > > > > > > >Perhaps no one has a business reason for this committee and > > > > it should be > > > > >disbanded. > > > > > > > > Just so we are all on the same page, a stated "business > > > > reason" is not > > > > among the criteria used to establish and guide an Internet > > > > Research Task > > > > Force (IRTF) Research Group such as IDRM > > > > (ftp://ftp.rfc-editor.org/in-notes/rfc2014.txt) > > > > > > > > Mark > > > > > > > > > > > > >Business reasons for a specific technology does not > > > > guarentee that there > > > > >is any reason for an open interoperable standard. > > > > > > > > > > > > > > >Paul > > > > > > > > > > > -----Original Message----- > > > > > > From: Theisen, Isabelle > > [mailto:Isabelle.Theisen@unistudios.com] > > > > > > Sent: Wednesday, December 11, 2002 2:48 PM > > > > > > To: 'Thomas Hardjono'; 'ietf-idrm@lists.elistx.com'; > > > > > > 'glarose@info-mech.com'; 'mbaugher@cisco.com' > > > > > > Subject: RE: [IDRM] Disband or recharter IDRM? > > > > > > > > > > > > > > > > > > Please, I do not have a business need for these emails. > > > > > > Please, remove from the list. > > > > > > > > > > > > > > > > > > -----Original Message----- > > > > > > From: Thomas Hardjono [mailto:thardjono@yahoo.com] > > > > > > Sent: Wednesday, December 11, 2002 2:09 PM > > > > > > To: Gord Larose > > > > > > Cc: ietf-idrm@lists.elistx.com > > > > > > Subject: Re: [IDRM] Disband or recharter IDRM? > > > > > > > > > > > > > > > > > > At 12/11/2002||03:16 PM, Gord Larose wrote: > > > > > > >Hi Thomas, > > > > > > >Thanks for the feedback and update. At a high level I > > > > agree with you > > > > > > >completely. > > > > > > > > > > > > > >However, at a technical level, "Open source DRM" makes my > > > > > > brain hurt. It's > > > > > > >hard enough hide anything in BINARY inside a PC; but like it > > > > > > or not, that's > > > > > > >one thing DRM has to do. I should know... the NetActive > > > > > > technology I was > > > > > > >largely responsible for addresses exactly that problem. That > > > > > > technology has > > > > > > >never, to my knowledge, been publicly cracked... but I doubt > > > > > > that would have > > > > > > >been true if we'd published the source ! > > > > > > > > > > > > Yes, I agree: "open source DRM" makes my brain hurt too :) > > > > > > However, this > > > > > > seems to be the only way to provide an alternative to > > proprietary > > > > > > technology. In many cases, perhaps the mom-and-pop > > > > > > "publisher" does not > > > > > > need 100% hack-proof DRM (maybe not even 90% hack-proof), but > > > > > > enough to > > > > > > discourage non-technical people from trying to break it. > > > > > > > > > > > > > > > > > > >And from a business perspective, Mom & Pop businesses > > > > already have > > > > > > >inexpensive, low-end protection technologies > > available e.g. from > > > > > > >third-party software TBYB wrappers, or via, say, Windows > > > > > > Media Player DRM. > > > > > > >The obstacles are more about complexity, churn, supplier > > > > > > viability, trust, > > > > > > >and branding, than about cost or availability. > > > > > > > > > > > > Hmm, I'm not sure I follow here. WMP is only for certain > > > > > > types of contents > > > > > > (e.g. not books, newspapers, newletters, etc). > > > > > > > > > > > > > > > > > > > > > > > > >So we'd have to be careful about what the values of such a > > > > > > system were... if > > > > > > >we could figure out how it would work ! > > > > > > > > > > > > > >Here's an entertaining thought: suppose we emphasize TRUST > > > > > > and CONTINUITY. > > > > > > >Maybe we could even subvert Palladium and the Fritz Chip to > > > > > > nobler ends ? > > > > > > >i.e. a system that WILL, in some sense, robustly protect > > > > > > content, but WILL > > > > > > >NOT - as a matter of the supplier's policy - do any of the > > > > > > things that > > > > > > >consumers and libertarians rightly fear ? And a further > > > > benefit of an > > > > > > >open-source (that may not be the right term, maybe > > > > > > "distributed ownership" > > > > > > >is better) model could be the continuing availability of the > > > > > > solution e.g. > > > > > > >Red Hat may die, but Linux won't. > > > > > > > > > > > > > > > > > > OK, so this is a *very* interesting question. These are > > > > the types of > > > > > > questions that needs to be discussed in a open forum and > > > > > > where pieces of it > > > > > > can be standardized (the way many pieces of Linux has been > > > > > > standardized). > > > > > > > > > > > > cheers, > > > > > > > > > > > > thomas > > > > > > ------ > > > > > > > > > > > > > > > > > > > > > > > > >I'm not sure how to do this, but maybe we could > > figure it out ! > > > > > > > > > > > > > >Cheers, > > > > > > > Gord 8-) > > > > > > > > > > > > > > > > > > > > > > > > > > > >----- Original Message ----- > > > > > > >From: "Thomas Hardjono" > > > > > > >To: ; > > > > > > >Sent: Wednesday, December 11, 2002 12:55 PM > > > > > > >Subject: Re: [IDRM] Disband or recharter IDRM? > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Gord, > > > > > > > > > > > > > > > > I agree with most of your comments. Judging from the > > > > > > "emotional outcry" we > > > > > > > > received at the last IDRM meeting (Salt Lake City IETF, > > > > > > end of 2001), DRM > > > > > > > > seems to mean different things to different people. > > > > > > > > > > > > > > > > > > > > > > > > At 12/11/2002||09:23 AM, Gord Larose wrote: > > > > > > > > >Hello: > > > > > > > > > Most of you on the list will not know me, as I came > > > > > > in during your > > > > > > >period > > > > > > > > >of dormancy. I too have been mulling these issues, as > > > > > > the DRM company > > > > > > >that > > > > > > > > >I helped found (NetActive) struggled like most others in > > > > > > the space. > > > > > > > > > > > > > > > > > >I think there are two classes of issues here - the > > > > > > social-advocacy ones > > > > > > > > >and the technical ones. > > > > > > > > > > > > > > > > > >The social-advocacy issues are horribly subjective. The > > > > > > concerns were > > > > > > > > >well expressed in Mark's email, and we could spend > > > > > > thousands of words > > > > > > > > >debating them. For what it > > > > > > > > >is worth, I believe that DRM is not philosophically > > > > > > wrong, and further, > > > > > > >that > > > > > > > > >it is commercially necessary. However, I do not believe > > > > > > that the current > > > > > > > > >"axis of greed" between Hollywood and Washington > > > > serves the best > > > > > > >interests > > > > > > > > >of American citizens and, as a Canadian, I am very > > > > > > concerned about the > > > > > > > > >United States' efforts to impose its draconian views > > > > of copyright > > > > > > > > >enforcement on the rest of the world. > > > > > > > > > Good DRM does not have to put Big Brother on your hard > > > > > > drive. If it > > > > > > >does, > > > > > > > > >then the price is too high. > > > > > > > > > > > > > > > > Right. So one of the notions we put forward in the IETF > > > > > > was: is it at all > > > > > > > > possible to create "open-source DRM technologies", so > > > > that small > > > > > > > > mom-and-pop publishers need not pay $$$ for proprietary > > > > > > solutions. The > > > > > > > > analogy is that with Linux and the Apache webserver, > > > > > > which are available > > > > > > > > for around $30. > > > > > > > > Another useful comparison in the RSA encryption > > > > > > algorithm, which is good > > > > > > > > technology, well understood, standardized and now finally > > > > > > over the patent > > > > > > > > hurdle. > > > > > > > > > > > > > > > > I realize that some folks take the (radical) position of > > > > > > being against any > > > > > > > > development of DRM technology whatsoever. The best way > > > > > > to ensure Big > > > > > > > > Brother does not happen is to go against any work > > > > > > relating to DRM. The > > > > > > > > reality is that DRM Technology is here to stay > > > > > > (proprietary), whether we > > > > > > > > like it or not. It will ship inside PCs and in consumer > > > > > > electronics > > > > > > > > devices. I think such a position actually helps the Big > > > > > > Brother syndrome, > > > > > > > > as it does not provide an option to the general public as > > > > > > to alternative > > > > > > > > sources of technology. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > >On a philosophical level then, I say there is a need for > > > > > > smart people to > > > > > > > > >build workable DRM that citizens can live with. > > > > > > > > > > > > > > > > > >The point issue of this technical group's mandate is > > > > > > much clearer IMO. > > > > > > >The > > > > > > > > >core > > > > > > > > >technology challenges for DRM are terminal node > > > > > > challenges, not network > > > > > > > > >challenges. Sure, a network is usually involved, but DRM > > > > > > is nothing > > > > > > >special > > > > > > > > >for the network. DRM's basic network needs are nothing > > > > > > harder than > > > > > > > > >http/https over tcp/ip. And the terminal mode challenges > > > > > > are largely > > > > > > >about > > > > > > > > >things like tamper-resistance, which are proprietary > > > > and not very > > > > > > >amenable > > > > > > > > >to > > > > > > > > >standardization. It's not something where an IETF group > > > > > > adds much value. > > > > > > > > > > > > > > > > Right. This is where the word "DRM" is I think a > > > > > > misnomer for the IETF > > > > > > > > efforts. You are absolutely right, that DRM is indeed > > > > > > "terminal node > > > > > > > > challenges" (ie. development of rights-enforcing > > > > > > terminals), which is not > > > > > > > > the traditional area of work for the IETF. > > > > > > > > > > > > > > > > However, there some network issues that is part of what I > > > > > > call the "DRM > > > > > > > > macrocosm", which included functions relating to > > > > > > look-ups, secure network > > > > > > > > storage, transaction clearinghouse, etc. These would > > > > appear to be > > > > > > >suitable > > > > > > > > for work items in the IETF. > > > > > > > > > > > > > > > > Thus, one possible change to IDRM is a new name that is > > > > > > less likely to be > > > > > > > > controversial. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > >So where does that leave the group ? Seems to me the > > > > > > options include: > > > > > > > > >1) disband > > > > > > > > >2) generalize the focus to a multidisciplinary one, > > > > > > along the lines of > > > > > > > > >http://www.bcdforum.org . (Though I have to confess > > > > I find that > > > > > > >organization > > > > > > > > >lacking substance.) > > > > > > > > >3) Find specific technical problems that are obstacles > > > > > > to good (i.e. > > > > > > > > >effective but not Orwellian) DRM, which are going > > > > > > begging, and in scope, > > > > > > > > >and work on solutions. > > > > > > > > > > > > > > > > > >I don't have a top-of-mind suggestion for #3, but it > > > > > > sounds like the most > > > > > > > > >fun! > > > > > > > > > > > > > > > > Yes, the keyword is "fun". Perhaps others on the list > > > > > > may have specific > > > > > > > > suggestions? > > > > > > > > > > > > > > > > cheers, > > > > > > > > > > > > > > > > thomas > > > > > > > > ------ > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > >Other thoughts ??? > > > > > > > > > > > > > > > > > >Best Regards, > > > > > > > > > Gord Larose > > > > > > > > > > > > > > > > > >----- Original Message ----- > > > > > > > > >From: "Mark Baugher" > > > > > > > > >To: > > > > > > > > >Cc: ; "Vern Paxson" > > > > > > > > >Sent: Tuesday, December 10, 2002 6:43 PM > > > > > > > > >Subject: [IDRM] Disband or recharter IDRM? > > > > > > > > > > > > > > > > > > > IDRM has obviously been dormant for about a year. > > > > > > > > > >SNIP< > > > > > > > > > > > > > > > > > > > > From mbaugher@cisco.com Thu Dec 12 16:29:33 2002 From: mbaugher@cisco.com (Mark Baugher) Date: Thu, 12 Dec 2002 08:29:33 -0800 Subject: [IETF-IDRM] [IDRM] please check the To: and CC: lists of your postings Message-ID: <5.1.1.5.2.20021212082754.0443aba8@mira-sjc5-6.cisco.com> Please leave off of your postings since she asked not to be included in the list thanks, Mark From RVelloso@abril.com.br Thu Dec 12 16:48:01 2002 From: RVelloso@abril.com.br (Rodrigo Velloso) Date: Thu, 12 Dec 2002 14:48:01 -0200 Subject: [IETF-IDRM] RES: [IDRM] please check the To: and CC: lists of your postings Message-ID: Please leave me off of the list as well . Thank you. -----Mensagem original----- De: Mark Baugher [mailto:mbaugher@cisco.com] Enviada em: Quinta-feira, 12 de Dezembro de 2002 14:30 Para: ietf-idrm@lists.elistx.com Assunto: [IDRM] please check the To: and CC: lists of your postings Please leave off of your postings s= ince=20 she asked not to be included in the list thanks, Mark From thardjono@yahoo.com Thu Dec 12 22:30:32 2002 From: thardjono@yahoo.com (Thomas Hardjono) Date: Thu, 12 Dec 2002 17:30:32 -0500 Subject: [IETF-IDRM] Re: [IDRM] list In-Reply-To: <20021212221523.19867.qmail@web41012.mail.yahoo.com> Message-ID: <5.0.0.25.2.20021212172835.02cce940@pop.mail.yahoo.com> My apologies Tony. I have never added anyone purposely to the list, as the list request is automatic. thomas ------ At 12/12/2002||10:15 PM, Tony Burch wrote: >get me OFF your list please I have never requested I >be on it. > >tonyb4567@yahoo.com > > >__________________________________________________ >Do You Yahoo!? >Everything you'll ever need on one web page >from News and Sport to Email and Music Charts >http://uk.my.yahoo.com From tonyb4567@yahoo.com Thu Dec 12 22:15:23 2002 From: tonyb4567@yahoo.com (=?iso-8859-1?q?Tony=20Burch?=) Date: Thu, 12 Dec 2002 22:15:23 +0000 (GMT) Subject: [IETF-IDRM] [IDRM] list Message-ID: <20021212221523.19867.qmail@web41012.mail.yahoo.com> get me OFF your list please I have never requested I be on it. tonyb4567@yahoo.com __________________________________________________ Do You Yahoo!? Everything you'll ever need on one web page from News and Sport to Email and Music Charts http://uk.my.yahoo.com From rcruse@ESynch.com Thu Dec 12 22:23:19 2002 From: rcruse@ESynch.com (rcruse@ESynch.com) Date: Thu, 12 Dec 2002 14:23:19 -0800 Subject: [IETF-IDRM] RE: [IDRM] list Message-ID: This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. --Boundary_(ID_Bb6BxjlYg58/0Wx4+NkvUQ) Content-type: text/plain; charset=iso-8859-1 I am not on the list either, nor do I have anything to do with emails. Yet I continue to receive these removal requests. Sorry -----Original Message----- From: Tony Burch [mailto:tonyb4567@yahoo.com] Sent: Thursday, December 12, 2002 2:15 PM To: ietf-idrm@lists.elistx.com Subject: [IDRM] list get me OFF your list please I have never requested I be on it. tonyb4567@yahoo.com __________________________________________________ Do You Yahoo!? Everything you'll ever need on one web page from News and Sport to Email and Music Charts http://uk.my.yahoo.com --Boundary_(ID_Bb6BxjlYg58/0Wx4+NkvUQ) Content-type: text/html; charset=iso-8859-1 RE: [IDRM] list

I am not on the list either, nor do I have anything to do with emails.
Yet I continue to receive these removal requests.
Sorry

-----Original Message-----
From: Tony Burch [mailto:tonyb4567@yahoo.com]
Sent: Thursday, December 12, 2002 2:15 PM
To: ietf-idrm@lists.elistx.com
Subject: [IDRM] list


get me OFF your list please I have never requested I
be on it.

tonyb4567@yahoo.com


__________________________________________________
Do You Yahoo!?
Everything you'll ever need on one web page
from News and Sport to Email and Music Charts
http://uk.my.yahoo.com

--Boundary_(ID_Bb6BxjlYg58/0Wx4+NkvUQ)-- From oelbaum@ldv.ei.tum.de Thu Dec 12 23:48:51 2002 From: oelbaum@ldv.ei.tum.de (Tobias Oelbaum) Date: Fri, 13 Dec 2002 00:48:51 +0100 (CET) Subject: [IETF-IDRM] Re: [IDRM] list In-Reply-To: <5.0.0.25.2.20021212172835.02cce940@pop.mail.yahoo.com> Message-ID: Seems as there are really some problems with that list: I did not request to be on this list, nor do I work in the topic discussed here nor do I know how to get on or off this list (and it does not seem that I'm the only one). so please remove oelbaum@ei.tum.de from this list, and check the numbers of adresses in your list (and maybe additionally your subscription procedure) Thanks Tobias On Thu, 12 Dec 2002, Thomas Hardjono wrote: > > My apologies Tony. I have never added anyone purposely to the list, as the > list request is automatic. > > thomas > ------ > > > At 12/12/2002||10:15 PM, Tony Burch wrote: > >get me OFF your list please I have never requested I > >be on it. > > > >tonyb4567@yahoo.com > > > > > >__________________________________________________ > >Do You Yahoo!? > >Everything you'll ever need on one web page > >from News and Sport to Email and Music Charts > >http://uk.my.yahoo.com > > From mbaugher@cisco.com Fri Dec 13 01:33:25 2002 From: mbaugher@cisco.com (Mark Baugher) Date: Thu, 12 Dec 2002 17:33:25 -0800 Subject: [IETF-IDRM] Fwd: Re: [IDRM] list Message-ID: <5.1.1.5.2.20021212173216.045db408@mira-sjc5-6.cisco.com> Tobias First of all, there is no reason to copy tonyb4567. Second, there is no reason to copy the list. I am copying the list as co-chair of the IDRM group to ask that people remove themselves from the list in the usual way. List-Unsubscribe: , If this does not work, please send a note to Thomas or me but not to the list. Now, there are too many people wrongly on the list for this to be all user error. Thomas and I discussed it and don't know how it happened. Thomas has a log of all people who sent mail to join the list and he is checking names. We probably need to check to see if somehow another list got added to the list. I'm sorry for the inconvenience. But it should be quite easy to leave the list using the above mailto. thanks, Mark >Date: Fri, 13 Dec 2002 00:48:51 +0100 (CET) >From: Tobias Oelbaum >Subject: Re: [IDRM] list >To: Thomas Hardjono >Cc: Tony Burch , ietf-idrm@lists.elistx.com >List-Owner: >List-Post: >List-Subscribe: , > >List-Unsubscribe: , > >List-Archive: >List-Help: , > >List-Id: > >Seems as there are really some problems with that list: I did not request >to be on this list, nor do I work in the topic discussed here nor do I >know how to get on or off this list (and it does not seem that I'm the >only one). > >so please remove oelbaum@ei.tum.de from this list, and check the numbers >of adresses in your list (and maybe additionally your subscription >procedure) > >Thanks >Tobias > >On Thu, 12 Dec 2002, Thomas Hardjono wrote: > > > > > My apologies Tony. I have never added anyone purposely to the list, as the > > list request is automatic. > > > > thomas > > ------ > > > > > > At 12/12/2002||10:15 PM, Tony Burch wrote: > > >get me OFF your list please I have never requested I > > >be on it. > > > > > >tonyb4567@yahoo.com > > > > > > > > >__________________________________________________ > > >Do You Yahoo!? > > >Everything you'll ever need on one web page > > >from News and Sport to Email and Music Charts > > >http://uk.my.yahoo.com > > > > From thardjono@yahoo.com Fri Dec 13 16:04:01 2002 From: thardjono@yahoo.com (thardjono@yahoo.com) Date: Fri, 13 Dec 2002 11:04:01 -0500 (EST) Subject: [IETF-IDRM] [IDRM] Please re-subscribe (Final email from Server) Message-ID: <0H7200L03FAPLX@eListX.com> Please ignore this if you are not a member of IDRM. This is the last email you will receive from the elistx mail-server for the IDRM Mailing List. You have been un-subscribed from the list. If you believe you should be on the IDRM List and still wish to continue discussions on IDRM, please re-subscribe here: http://www.pairlist.net/mailman/listinfo/ietf-idrm Please keep your password, as it will be needed to leave the list. Regards, Thomas+Mark ----------- IDRM co-chairs From mbaugher@cisco.com Fri Dec 13 18:17:35 2002 From: mbaugher@cisco.com (Mark Baugher) Date: Fri, 13 Dec 2002 10:17:35 -0800 Subject: [IETF-IDRM] can we now resume the discussion? Message-ID: <5.1.1.5.2.20021213101648.047bcd10@mira-sjc5-6.cisco.com> maybe it would be good to find out if anyone else has joined the list. thomas, can you send out the current list? thanks, Mark From thardjono@verisign.com Fri Dec 13 18:35:41 2002 From: thardjono@verisign.com (Thomas Hardjono) Date: Fri, 13 Dec 2002 13:35:41 -0500 Subject: [IETF-IDRM] RE: [IDRM] Disband or recharter IDRM? In-Reply-To: Message-ID: <5.0.0.25.2.20021213132233.02dc9e90@pop.mail.yahoo.com> Joe, At 12/12/2002||08:54 AM, Joe Polimeni wrote: >I believe the best thing the group could do is: >1. Define the file format (a.k.a. package format) for a DRM protected >file. Currently each DRM products has it's own proprietary format. >2. Recommend a rights expression language (ORDL or XrML). >3. Recommend a key flow. No. 3 (key flow) is a good idea, I think. As to No. 2, I don't think the IETF will be willing to recommend a language. Also, XrML is being addressed in Oasis and ODRL within the OMA (I think). I'm not sure about file formats (No.1). Ceratin content types, such as MPEG, do have a standard content format, and the metadata is expressed in the MPEG REL. >The group should stay away any ideological issues. DRM will be used in a >variety of situations, not just for music or video. Unless we want a >single company to set the direction and provide all the tools we need to >set standards. Agreed :) >I also think the group should stay away from the technology for developing >the "client." Each individual company should make its own protected >client, and the content owner can restrict which client can use the content >with certificates. Agree. I would roughly equate "client" to "Terminal". Earlier in this discussion Paul Judge mentioned "architectures" and "secure distribution/conditional access". These seem to be a natural IETF work item. cheers, thomas ------ >Joe > >----- Forwarded by Joe Polimeni/Fort Lauderdale/IBM on 12/12/2002 08:45 AM >----- > > > Paul > Lambert > > > tworks.Com> cc: > ietf-idrm@lists.elistx.com > Subject: RE: [IDRM] > Disband or recharter IDRM? > 12/11/2002 08:37 > PM > > > > > > > > > > > > > Paul > > www.irtf.org is the main page from which you can navigate > > to the IDRM > > page, which is where the RG deliverables are described. > >Yes, but .. > >The 'deliverables' are not clear ... for example: > >"The IDRM Research Group will begin its work by surveying the area of >Digital Rights Management (DRM), and develop a coherent taxonomy of >problems related to DRM with their inter- relationships." > >I'm not sure how I would use this result. > >Picking a smaller clearer deliverable would hopefully get more interest and >involvement. > >Paul > > > > > > > -----Original Message----- > > From: Mark Baugher [mailto:mbaugher@cisco.com] > > Sent: Wednesday, December 11, 2002 5:26 PM > > To: Paul Lambert > > Cc: ietf-idrm@lists.elistx.com > > Subject: RE: [IDRM] Disband or recharter IDRM? > > > > > > Paul > > www.irtf.org is the main page from which you can navigate > > to the IDRM > > page, which is where the RG deliverables are described. > > > > Mark > > At 05:16 PM 12/11/2002 -0800, Paul Lambert wrote: > > > > > > Just so we are all on the same page, a stated "business > > reason" is not > > > > among the criteria used to establish and guide an > > Internet Research Task > > > > Force (IRTF) Research Group such as IDRM > > > > > >There needs to be some reason for the community at large to > > participate. > > > > > > > Force (IRTF) Research Group such as IDRM > > > > (ftp://ftp.rfc-editor.org/in-notes/rfc2014.txt) > > > > > > > > >Which says: > > > > > > The products of a Research Group are research > > > results that may be disseminated by publication in > > scholarly journals > > > and conferences, as white papers for the community, as > > Informational > > > RFCs, and so on. In addition, it is expected that technologies > > > developed in a Research Group will be brought to the > > IETF as input to > > > IETF Working Group(s) for possible standardization. > > > > > >It does not say 'discussion forum'. What are the specific > > work products > > >for this group? > > > > > > > > >Paul > > > > > > > -----Original Message----- > > > > From: Mark Baugher [mailto:mbaugher@cisco.com] > > > > Sent: Wednesday, December 11, 2002 3:22 PM > > > > To: Paul Lambert > > > > Cc: ietf-idrm@lists.elistx.com > > > > Subject: RE: [IDRM] Disband or recharter IDRM? > > > > > > > > > > > > At 02:57 PM 12/11/2002 -0800, Paul Lambert wrote: > > > > > > > > > > Please, I do not have a business need for these emails. > > > > > > > > > >Perhaps no one has a business reason for this committee and > > > > it should be > > > > >disbanded. > > > > > > > > Just so we are all on the same page, a stated "business > > > > reason" is not > > > > among the criteria used to establish and guide an Internet > > > > Research Task > > > > Force (IRTF) Research Group such as IDRM > > > > (ftp://ftp.rfc-editor.org/in-notes/rfc2014.txt) > > > > > > > > Mark > > > > > > > > > > > > >Business reasons for a specific technology does not > > > > guarentee that there > > > > >is any reason for an open interoperable standard. > > > > > > > > > > > > > > >Paul > > > > > > > > > > > -----Original Message----- > > > > > > From: Theisen, Isabelle > > [mailto:Isabelle.Theisen@unistudios.com] > > > > > > Sent: Wednesday, December 11, 2002 2:48 PM > > > > > > To: 'Thomas Hardjono'; 'ietf-idrm@lists.elistx.com'; > > > > > > 'glarose@info-mech.com'; 'mbaugher@cisco.com' > > > > > > Subject: RE: [IDRM] Disband or recharter IDRM? > > > > > > > > > > > > > > > > > > Please, I do not have a business need for these emails. > > > > > > Please, remove from the list. > > > > > > > > > > > > > > > > > > -----Original Message----- > > > > > > From: Thomas Hardjono [mailto:thardjono@yahoo.com] > > > > > > Sent: Wednesday, December 11, 2002 2:09 PM > > > > > > To: Gord Larose > > > > > > Cc: ietf-idrm@lists.elistx.com > > > > > > Subject: Re: [IDRM] Disband or recharter IDRM? > > > > > > > > > > > > > > > > > > At 12/11/2002||03:16 PM, Gord Larose wrote: > > > > > > >Hi Thomas, > > > > > > >Thanks for the feedback and update. At a high level I > > > > agree with you > > > > > > >completely. > > > > > > > > > > > > > >However, at a technical level, "Open source DRM" makes my > > > > > > brain hurt. It's > > > > > > >hard enough hide anything in BINARY inside a PC; but like it > > > > > > or not, that's > > > > > > >one thing DRM has to do. I should know... the NetActive > > > > > > technology I was > > > > > > >largely responsible for addresses exactly that problem. That > > > > > > technology has > > > > > > >never, to my knowledge, been publicly cracked... but I doubt > > > > > > that would have > > > > > > >been true if we'd published the source ! > > > > > > > > > > > > Yes, I agree: "open source DRM" makes my brain hurt too :) > > > > > > However, this > > > > > > seems to be the only way to provide an alternative to > > proprietary > > > > > > technology. In many cases, perhaps the mom-and-pop > > > > > > "publisher" does not > > > > > > need 100% hack-proof DRM (maybe not even 90% hack-proof), but > > > > > > enough to > > > > > > discourage non-technical people from trying to break it. > > > > > > > > > > > > > > > > > > >And from a business perspective, Mom & Pop businesses > > > > already have > > > > > > >inexpensive, low-end protection technologies > > available e.g. from > > > > > > >third-party software TBYB wrappers, or via, say, Windows > > > > > > Media Player DRM. > > > > > > >The obstacles are more about complexity, churn, supplier > > > > > > viability, trust, > > > > > > >and branding, than about cost or availability. > > > > > > > > > > > > Hmm, I'm not sure I follow here. WMP is only for certain > > > > > > types of contents > > > > > > (e.g. not books, newspapers, newletters, etc). > > > > > > > > > > > > > > > > > > > > > > > > >So we'd have to be careful about what the values of such a > > > > > > system were... if > > > > > > >we could figure out how it would work ! > > > > > > > > > > > > > >Here's an entertaining thought: suppose we emphasize TRUST > > > > > > and CONTINUITY. > > > > > > >Maybe we could even subvert Palladium and the Fritz Chip to > > > > > > nobler ends ? > > > > > > >i.e. a system that WILL, in some sense, robustly protect > > > > > > content, but WILL > > > > > > >NOT - as a matter of the supplier's policy - do any of the > > > > > > things that > > > > > > >consumers and libertarians rightly fear ? And a further > > > > benefit of an > > > > > > >open-source (that may not be the right term, maybe > > > > > > "distributed ownership" > > > > > > >is better) model could be the continuing availability of the > > > > > > solution e.g. > > > > > > >Red Hat may die, but Linux won't. > > > > > > > > > > > > > > > > > > OK, so this is a *very* interesting question. These are > > > > the types of > > > > > > questions that needs to be discussed in a open forum and > > > > > > where pieces of it > > > > > > can be standardized (the way many pieces of Linux has been > > > > > > standardized). > > > > > > > > > > > > cheers, > > > > > > > > > > > > thomas > > > > > > ------ > > > > > > > > > > > > > > > > > > > > > > > > >I'm not sure how to do this, but maybe we could > > figure it out ! > > > > > > > > > > > > > >Cheers, > > > > > > > Gord 8-) > > > > > > > > > > > > > > > > > > > > > > > > > > > >----- Original Message ----- > > > > > > >From: "Thomas Hardjono" > > > > > > >To: ; > > > > > > >Sent: Wednesday, December 11, 2002 12:55 PM > > > > > > >Subject: Re: [IDRM] Disband or recharter IDRM? > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Gord, > > > > > > > > > > > > > > > > I agree with most of your comments. Judging from the > > > > > > "emotional outcry" we > > > > > > > > received at the last IDRM meeting (Salt Lake City IETF, > > > > > > end of 2001), DRM > > > > > > > > seems to mean different things to different people. > > > > > > > > > > > > > > > > > > > > > > > > At 12/11/2002||09:23 AM, Gord Larose wrote: > > > > > > > > >Hello: > > > > > > > > > Most of you on the list will not know me, as I came > > > > > > in during your > > > > > > >period > > > > > > > > >of dormancy. I too have been mulling these issues, as > > > > > > the DRM company > > > > > > >that > > > > > > > > >I helped found (NetActive) struggled like most others in > > > > > > the space. > > > > > > > > > > > > > > > > > >I think there are two classes of issues here - the > > > > > > social-advocacy ones > > > > > > > > >and the technical ones. > > > > > > > > > > > > > > > > > >The social-advocacy issues are horribly subjective. The > > > > > > concerns were > > > > > > > > >well expressed in Mark's email, and we could spend > > > > > > thousands of words > > > > > > > > >debating them. For what it > > > > > > > > >is worth, I believe that DRM is not philosophically > > > > > > wrong, and further, > > > > > > >that > > > > > > > > >it is commercially necessary. However, I do not believe > > > > > > that the current > > > > > > > > >"axis of greed" between Hollywood and Washington > > > > serves the best > > > > > > >interests > > > > > > > > >of American citizens and, as a Canadian, I am very > > > > > > concerned about the > > > > > > > > >United States' efforts to impose its draconian views > > > > of copyright > > > > > > > > >enforcement on the rest of the world. > > > > > > > > > Good DRM does not have to put Big Brother on your hard > > > > > > drive. If it > > > > > > >does, > > > > > > > > >then the price is too high. > > > > > > > > > > > > > > > > Right. So one of the notions we put forward in the IETF > > > > > > was: is it at all > > > > > > > > possible to create "open-source DRM technologies", so > > > > that small > > > > > > > > mom-and-pop publishers need not pay $$$ for proprietary > > > > > > solutions. The > > > > > > > > analogy is that with Linux and the Apache webserver, > > > > > > which are available > > > > > > > > for around $30. > > > > > > > > Another useful comparison in the RSA encryption > > > > > > algorithm, which is good > > > > > > > > technology, well understood, standardized and now finally > > > > > > over the patent > > > > > > > > hurdle. > > > > > > > > > > > > > > > > I realize that some folks take the (radical) position of > > > > > > being against any > > > > > > > > development of DRM technology whatsoever. The best way > > > > > > to ensure Big > > > > > > > > Brother does not happen is to go against any work > > > > > > relating to DRM. The > > > > > > > > reality is that DRM Technology is here to stay > > > > > > (proprietary), whether we > > > > > > > > like it or not. It will ship inside PCs and in consumer > > > > > > electronics > > > > > > > > devices. I think such a position actually helps the Big > > > > > > Brother syndrome, > > > > > > > > as it does not provide an option to the general public as > > > > > > to alternative > > > > > > > > sources of technology. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > >On a philosophical level then, I say there is a need for > > > > > > smart people to > > > > > > > > >build workable DRM that citizens can live with. > > > > > > > > > > > > > > > > > >The point issue of this technical group's mandate is > > > > > > much clearer IMO. > > > > > > >The > > > > > > > > >core > > > > > > > > >technology challenges for DRM are terminal node > > > > > > challenges, not network > > > > > > > > >challenges. Sure, a network is usually involved, but DRM > > > > > > is nothing > > > > > > >special > > > > > > > > >for the network. DRM's basic network needs are nothing > > > > > > harder than > > > > > > > > >http/https over tcp/ip. And the terminal mode challenges > > > > > > are largely > > > > > > >about > > > > > > > > >things like tamper-resistance, which are proprietary > > > > and not very > > > > > > >amenable > > > > > > > > >to > > > > > > > > >standardization. It's not something where an IETF group > > > > > > adds much value. > > > > > > > > > > > > > > > > Right. This is where the word "DRM" is I think a > > > > > > misnomer for the IETF > > > > > > > > efforts. You are absolutely right, that DRM is indeed > > > > > > "terminal node > > > > > > > > challenges" (ie. development of rights-enforcing > > > > > > terminals), which is not > > > > > > > > the traditional area of work for the IETF. > > > > > > > > > > > > > > > > However, there some network issues that is part of what I > > > > > > call the "DRM > > > > > > > > macrocosm", which included functions relating to > > > > > > look-ups, secure network > > > > > > > > storage, transaction clearinghouse, etc. These would > > > > appear to be > > > > > > >suitable > > > > > > > > for work items in the IETF. > > > > > > > > > > > > > > > > Thus, one possible change to IDRM is a new name that is > > > > > > less likely to be > > > > > > > > controversial. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > >So where does that leave the group ? Seems to me the > > > > > > options include: > > > > > > > > >1) disband > > > > > > > > >2) generalize the focus to a multidisciplinary one, > > > > > > along the lines of > > > > > > > > >http://www.bcdforum.org . (Though I have to confess > > > > I find that > > > > > > >organization > > > > > > > > >lacking substance.) > > > > > > > > >3) Find specific technical problems that are obstacles > > > > > > to good (i.e. > > > > > > > > >effective but not Orwellian) DRM, which are going > > > > > > begging, and in scope, > > > > > > > > >and work on solutions. > > > > > > > > > > > > > > > > > >I don't have a top-of-mind suggestion for #3, but it > > > > > > sounds like the most > > > > > > > > >fun! > > > > > > > > > > > > > > > > Yes, the keyword is "fun". Perhaps others on the list > > > > > > may have specific > > > > > > > > suggestions? > > > > > > > > > > > > > > > > cheers, > > > > > > > > > > > > > > > > thomas > > > > > > > > ------ > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > >Other thoughts ??? > > > > > > > > > > > > > > > > > >Best Regards, > > > > > > > > > Gord Larose > > > > > > > > > > > > > > > > > >----- Original Message ----- > > > > > > > > >From: "Mark Baugher" > > > > > > > > >To: > > > > > > > > >Cc: ; "Vern Paxson" > > > > > > > > >Sent: Tuesday, December 10, 2002 6:43 PM > > > > > > > > >Subject: [IDRM] Disband or recharter IDRM? > > > > > > > > > > > > > > > > > > > IDRM has obviously been dormant for about a year. > > > > > > > > > >SNIP< > > > > > > > > > > > > > > > > > > > > > > > >_______________________________________________ >ietf-idrm mailing list >ietf-idrm@idrm.org >http://www.pairlist.net/mailman/listinfo/ietf-idrm From thardjono@verisign.com Fri Dec 13 19:20:38 2002 From: thardjono@verisign.com (Thomas Hardjono) Date: Fri, 13 Dec 2002 14:20:38 -0500 Subject: [IETF-IDRM] can we now resume the discussion? In-Reply-To: <5.1.1.5.2.20021213101648.047bcd10@mira-sjc5-6.cisco.com> Message-ID: <5.0.0.25.2.20021213141154.02cd64f8@pop.mail.yahoo.com> I'll take the risk of posting the current list of members. I hope people won't mind. (PS. as a member, you should also be able to query the server to find out other members). As of 2:15pm-EST, we have: abie@nr.no Anne.Anderson@sun.com cemisc@earthlink.net chuck.powers@motorola.com cjm@drmconsulting.com cmollis@objectlab.com csp@csperkins.org davidhit@microsoft.com eddie.chen@contentguard.com eneylon@manifestsolutions.com erik_lambert@compuserve.com ganesh@ivast.com glarose@info-mech.com hpunt@agere.com imlucid@apple.com jbeavon@ndsuk.com jmorris@cdt.org jpetrone@cnri.reston.va.us jpolimen@us.ibm.com jrinaldi@objectlab.com julietteadams@september15.net ksankar@cisco.com lists29051972@gmx.de lyon@nist.gov maurice@bizzarri.org mbaugher@cisco.com mmackay@intertrust.com monique@vandusseldorp.com mtang@fla.fujitsu.com n.paskin@doi.org paul@airgonetworks.com robin@isogen.com rreeder@rightsline.com staddon@parc.com susanne.guth@wu-wien.ac.at swiles@microsoft.com thardjono@verisign.com thardjono@yahoo.com vern@icir.org At 12/13/2002||10:17 AM, Mark Baugher wrote: >maybe it would be good to find out if anyone else has joined the >list. thomas, can you send out the current list? > >thanks, Mark > > >_______________________________________________ >ietf-idrm mailing list >ietf-idrm@idrm.org >http://www.pairlist.net/mailman/listinfo/ietf-idrm From mbaugher@cisco.com Fri Dec 13 19:36:12 2002 From: mbaugher@cisco.com (Mark Baugher) Date: Fri, 13 Dec 2002 11:36:12 -0800 Subject: [IETF-IDRM] can we now resume the discussion? In-Reply-To: <5.0.0.25.2.20021213141154.02cd64f8@pop.mail.yahoo.com> References: <5.1.1.5.2.20021213101648.047bcd10@mira-sjc5-6.cisco.com> Message-ID: <5.1.1.5.2.20021213113317.02150210@mira-sjc5-6.cisco.com> It's too bad that Sam Sun is out of pocket. I guess he is currently in some place with no internet connection. Sam has contributed a lot to discussions on re-chartering the group. Mark At 02:20 PM 12/13/2002 -0500, Thomas Hardjono wrote: >I'll take the risk of posting the current list of members. I hope people >won't mind. > >(PS. as a member, you should also be able to query the server to find out >other members). > >As of 2:15pm-EST, we have: > >abie@nr.no >Anne.Anderson@sun.com >cemisc@earthlink.net >chuck.powers@motorola.com >cjm@drmconsulting.com >cmollis@objectlab.com >csp@csperkins.org >davidhit@microsoft.com >eddie.chen@contentguard.com >eneylon@manifestsolutions.com >erik_lambert@compuserve.com >ganesh@ivast.com >glarose@info-mech.com >hpunt@agere.com >imlucid@apple.com >jbeavon@ndsuk.com >jmorris@cdt.org >jpetrone@cnri.reston.va.us >jpolimen@us.ibm.com >jrinaldi@objectlab.com >julietteadams@september15.net >ksankar@cisco.com >lists29051972@gmx.de >lyon@nist.gov >maurice@bizzarri.org >mbaugher@cisco.com >mmackay@intertrust.com >monique@vandusseldorp.com >mtang@fla.fujitsu.com >n.paskin@doi.org >paul@airgonetworks.com >robin@isogen.com >rreeder@rightsline.com >staddon@parc.com >susanne.guth@wu-wien.ac.at >swiles@microsoft.com >thardjono@verisign.com >thardjono@yahoo.com >vern@icir.org > > > >At 12/13/2002||10:17 AM, Mark Baugher wrote: >>maybe it would be good to find out if anyone else has joined the >>list. thomas, can you send out the current list? >> >>thanks, Mark >> >> >>_______________________________________________ >>ietf-idrm mailing list >>ietf-idrm@idrm.org >>http://www.pairlist.net/mailman/listinfo/ietf-idrm From thardjono@yahoo.com Fri Dec 13 16:16:18 2002 From: thardjono@yahoo.com (Thomas Hardjono) Date: Fri, 13 Dec 2002 11:16:18 -0500 Subject: [IETF-IDRM] test - ignore Message-ID: <5.0.0.25.2.20021213111606.04616d00@pop.mail.yahoo.com> test - ignore From mbaugher@cisco.com Sat Dec 14 00:16:36 2002 From: mbaugher@cisco.com (Mark Baugher) Date: Fri, 13 Dec 2002 16:16:36 -0800 Subject: [IETF-IDRM] RE: [IDRM] Disband or recharter IDRM? In-Reply-To: <5.0.0.25.2.20021213132233.02dc9e90@pop.mail.yahoo.com> References: Message-ID: <5.1.1.5.2.20021213154952.046d3aa0@mira-sjc5-6.cisco.com> So far as technology goes, we can point to each item on Joe's list and say which organization is doing it or trying to. Number 3, like the other two, are really engineering tasks that are better suited to the IETF than to an IRTF group. I'll tell you what I think would be truly interesting: A DRM system that transfers rights, protects privacy, and performs clearing functions without the need for any cryptography whatsoever. Cryptography is not a household technology today (http://www-2.cs.cmu.edu/~alma/johnny.pdf) and may not be in the future. Although it is embedded in DVDs, DVD players, and DVD recorders, anyone can discover how to decipher an encrypted movie who truly wants to. So what does the cryptography on DVDs accomplish? It keeps "honest people honest" (http://cryptome.org/wipo-imp99-3.htm) or "lazy people honest" by making it inconvenient to make unauthorized copies (or more than one or however many are made under fair use provisions). Cryptography is more complexity than is needed to keep honest people honest, and cryptography is not appropriate for cases where the user who controls the machine is trying to subvert it. It's too much protection for the netizen and too little protection against the hacker. And it is expensive in infrastructure and people's time. The complexity is considerable. PKIs are substantial investments with uncertain returns. Smart cards can cost $20/user per year and there is no universal smart card (and probably never will be). A cryptography-free DRM is probably the most useful technology we could investigate. The crypto-rich DRM is being developed all over the place. Mark At 01:35 PM 12/13/2002 -0500, Thomas Hardjono wrote: >Joe, > >At 12/12/2002||08:54 AM, Joe Polimeni wrote: > >>I believe the best thing the group could do is: >>1. Define the file format (a.k.a. package format) for a DRM protected >>file. Currently each DRM products has it's own proprietary format. >>2. Recommend a rights expression language (ORDL or XrML). >>3. Recommend a key flow. > >No. 3 (key flow) is a good idea, I think. As to No. 2, I don't think the >IETF will be willing to recommend a language. Also, XrML is being >addressed in Oasis and ODRL within the OMA (I think). > >I'm not sure about file formats (No.1). Ceratin content types, such as >MPEG, do have a standard content format, and the metadata is expressed in >the MPEG REL. > > >>The group should stay away any ideological issues. DRM will be used in a >>variety of situations, not just for music or video. Unless we want a >>single company to set the direction and provide all the tools we need to >>set standards. > >Agreed :) > > >>I also think the group should stay away from the technology for developing >>the "client." Each individual company should make its own protected >>client, and the content owner can restrict which client can use the content >>with certificates. > >Agree. I would roughly equate "client" to "Terminal". Earlier in this >discussion Paul Judge mentioned "architectures" and "secure >distribution/conditional access". These seem to be a natural IETF work item. > >cheers, > >thomas >------ > > > >>Joe >> >>----- Forwarded by Joe Polimeni/Fort Lauderdale/IBM on 12/12/2002 08:45 AM >>----- >> >> Paul Lambert >> > >> tworks.Com> cc: >> ietf-idrm@lists.elistx.com >> Subject: RE: [IDRM] >> Disband or recharter IDRM? >> 12/11/2002 08:37 PM >> >> >> >> >> >> >> >> >> > Paul >> > www.irtf.org is the main page from which you can navigate >> > to the IDRM >> > page, which is where the RG deliverables are described. >> >>Yes, but .. >> >>The 'deliverables' are not clear ... for example: >> >>"The IDRM Research Group will begin its work by surveying the area of >>Digital Rights Management (DRM), and develop a coherent taxonomy of >>problems related to DRM with their inter- relationships." >> >>I'm not sure how I would use this result. >> >>Picking a smaller clearer deliverable would hopefully get more interest and >>involvement. >> >>Paul >> >> >> >> >> >> > -----Original Message----- >> > From: Mark Baugher [mailto:mbaugher@cisco.com] >> > Sent: Wednesday, December 11, 2002 5:26 PM >> > To: Paul Lambert >> > Cc: ietf-idrm@lists.elistx.com >> > Subject: RE: [IDRM] Disband or recharter IDRM? >> > >> > >> > Paul >> > www.irtf.org is the main page from which you can navigate >> > to the IDRM >> > page, which is where the RG deliverables are described. >> > >> > Mark >> > At 05:16 PM 12/11/2002 -0800, Paul Lambert wrote: >> > >> > > > Just so we are all on the same page, a stated "business >> > reason" is not >> > > > among the criteria used to establish and guide an >> > Internet Research Task >> > > > Force (IRTF) Research Group such as IDRM >> > > >> > >There needs to be some reason for the community at large to >> > participate. >> > > >> > > > Force (IRTF) Research Group such as IDRM >> > > > (ftp://ftp.rfc-editor.org/in-notes/rfc2014.txt) >> > > >> > > >> > >Which says: >> > > >> > > The products of a Research Group are research >> > > results that may be disseminated by publication in >> > scholarly journals >> > > and conferences, as white papers for the community, as >> > Informational >> > > RFCs, and so on. In addition, it is expected that technologies >> > > developed in a Research Group will be brought to the >> > IETF as input to >> > > IETF Working Group(s) for possible standardization. >> > > >> > >It does not say 'discussion forum'. What are the specific >> > work products >> > >for this group? >> > > >> > > >> > >Paul >> > > >> > > > -----Original Message----- >> > > > From: Mark Baugher [mailto:mbaugher@cisco.com] >> > > > Sent: Wednesday, December 11, 2002 3:22 PM >> > > > To: Paul Lambert >> > > > Cc: ietf-idrm@lists.elistx.com >> > > > Subject: RE: [IDRM] Disband or recharter IDRM? >> > > > >> > > > >> > > > At 02:57 PM 12/11/2002 -0800, Paul Lambert wrote: >> > > > >> > > > > > Please, I do not have a business need for these emails. >> > > > > >> > > > >Perhaps no one has a business reason for this committee and >> > > > it should be >> > > > >disbanded. >> > > > >> > > > Just so we are all on the same page, a stated "business >> > > > reason" is not >> > > > among the criteria used to establish and guide an Internet >> > > > Research Task >> > > > Force (IRTF) Research Group such as IDRM >> > > > (ftp://ftp.rfc-editor.org/in-notes/rfc2014.txt) >> > > > >> > > > Mark >> > > > >> > > > >> > > > >Business reasons for a specific technology does not >> > > > guarentee that there >> > > > >is any reason for an open interoperable standard. >> > > > > >> > > > > >> > > > >Paul >> > > > > >> > > > > > -----Original Message----- >> > > > > > From: Theisen, Isabelle >> > [mailto:Isabelle.Theisen@unistudios.com] >> > > > > > Sent: Wednesday, December 11, 2002 2:48 PM >> > > > > > To: 'Thomas Hardjono'; 'ietf-idrm@lists.elistx.com'; >> > > > > > 'glarose@info-mech.com'; 'mbaugher@cisco.com' >> > > > > > Subject: RE: [IDRM] Disband or recharter IDRM? >> > > > > > >> > > > > > >> > > > > > Please, I do not have a business need for these emails. >> > > > > > Please, remove from the list. >> > > > > > >> > > > > > >> > > > > > -----Original Message----- >> > > > > > From: Thomas Hardjono [mailto:thardjono@yahoo.com] >> > > > > > Sent: Wednesday, December 11, 2002 2:09 PM >> > > > > > To: Gord Larose >> > > > > > Cc: ietf-idrm@lists.elistx.com >> > > > > > Subject: Re: [IDRM] Disband or recharter IDRM? >> > > > > > >> > > > > > >> > > > > > At 12/11/2002||03:16 PM, Gord Larose wrote: >> > > > > > >Hi Thomas, >> > > > > > >Thanks for the feedback and update. At a high level I >> > > > agree with you >> > > > > > >completely. >> > > > > > > >> > > > > > >However, at a technical level, "Open source DRM" makes my >> > > > > > brain hurt. It's >> > > > > > >hard enough hide anything in BINARY inside a PC; but like it >> > > > > > or not, that's >> > > > > > >one thing DRM has to do. I should know... the NetActive >> > > > > > technology I was >> > > > > > >largely responsible for addresses exactly that problem. That >> > > > > > technology has >> > > > > > >never, to my knowledge, been publicly cracked... but I doubt >> > > > > > that would have >> > > > > > >been true if we'd published the source ! >> > > > > > >> > > > > > Yes, I agree: "open source DRM" makes my brain hurt too :) >> > > > > > However, this >> > > > > > seems to be the only way to provide an alternative to >> > proprietary >> > > > > > technology. In many cases, perhaps the mom-and-pop >> > > > > > "publisher" does not >> > > > > > need 100% hack-proof DRM (maybe not even 90% hack-proof), but >> > > > > > enough to >> > > > > > discourage non-technical people from trying to break it. >> > > > > > >> > > > > > >> > > > > > >And from a business perspective, Mom & Pop businesses >> > > > already have >> > > > > > >inexpensive, low-end protection technologies >> > available e.g. from >> > > > > > >third-party software TBYB wrappers, or via, say, Windows >> > > > > > Media Player DRM. >> > > > > > >The obstacles are more about complexity, churn, supplier >> > > > > > viability, trust, >> > > > > > >and branding, than about cost or availability. >> > > > > > >> > > > > > Hmm, I'm not sure I follow here. WMP is only for certain >> > > > > > types of contents >> > > > > > (e.g. not books, newspapers, newletters, etc). >> > > > > > >> > > > > > >> > > > > > >> > > > > > >So we'd have to be careful about what the values of such a >> > > > > > system were... if >> > > > > > >we could figure out how it would work ! >> > > > > > > >> > > > > > >Here's an entertaining thought: suppose we emphasize TRUST >> > > > > > and CONTINUITY. >> > > > > > >Maybe we could even subvert Palladium and the Fritz Chip to >> > > > > > nobler ends ? >> > > > > > >i.e. a system that WILL, in some sense, robustly protect >> > > > > > content, but WILL >> > > > > > >NOT - as a matter of the supplier's policy - do any of the >> > > > > > things that >> > > > > > >consumers and libertarians rightly fear ? And a further >> > > > benefit of an >> > > > > > >open-source (that may not be the right term, maybe >> > > > > > "distributed ownership" >> > > > > > >is better) model could be the continuing availability of the >> > > > > > solution e.g. >> > > > > > >Red Hat may die, but Linux won't. >> > > > > > >> > > > > > >> > > > > > OK, so this is a *very* interesting question. These are >> > > > the types of >> > > > > > questions that needs to be discussed in a open forum and >> > > > > > where pieces of it >> > > > > > can be standardized (the way many pieces of Linux has been >> > > > > > standardized). >> > > > > > >> > > > > > cheers, >> > > > > > >> > > > > > thomas >> > > > > > ------ >> > > > > > >> > > > > > >> > > > > > >> > > > > > >I'm not sure how to do this, but maybe we could >> > figure it out ! >> > > > > > > >> > > > > > >Cheers, >> > > > > > > Gord 8-) >> > > > > > > >> > > > > > > >> > > > > > > >> > > > > > >----- Original Message ----- >> > > > > > >From: "Thomas Hardjono" >> > > > > > >To: ; >> > > > > > >Sent: Wednesday, December 11, 2002 12:55 PM >> > > > > > >Subject: Re: [IDRM] Disband or recharter IDRM? >> > > > > > > >> > > > > > > >> > > > > > > > >> > > > > > > > Gord, >> > > > > > > > >> > > > > > > > I agree with most of your comments. Judging from the >> > > > > > "emotional outcry" we >> > > > > > > > received at the last IDRM meeting (Salt Lake City IETF, >> > > > > > end of 2001), DRM >> > > > > > > > seems to mean different things to different people. >> > > > > > > > >> > > > > > > > >> > > > > > > > At 12/11/2002||09:23 AM, Gord Larose wrote: >> > > > > > > > >Hello: >> > > > > > > > > Most of you on the list will not know me, as I came >> > > > > > in during your >> > > > > > >period >> > > > > > > > >of dormancy. I too have been mulling these issues, as >> > > > > > the DRM company >> > > > > > >that >> > > > > > > > >I helped found (NetActive) struggled like most others in >> > > > > > the space. >> > > > > > > > > >> > > > > > > > >I think there are two classes of issues here - the >> > > > > > social-advocacy ones >> > > > > > > > >and the technical ones. >> > > > > > > > > >> > > > > > > > >The social-advocacy issues are horribly subjective. The >> > > > > > concerns were >> > > > > > > > >well expressed in Mark's email, and we could spend >> > > > > > thousands of words >> > > > > > > > >debating them. For what it >> > > > > > > > >is worth, I believe that DRM is not philosophically >> > > > > > wrong, and further, >> > > > > > >that >> > > > > > > > >it is commercially necessary. However, I do not believe >> > > > > > that the current >> > > > > > > > >"axis of greed" between Hollywood and Washington >> > > > serves the best >> > > > > > >interests >> > > > > > > > >of American citizens and, as a Canadian, I am very >> > > > > > concerned about the >> > > > > > > > >United States' efforts to impose its draconian views >> > > > of copyright >> > > > > > > > >enforcement on the rest of the world. >> > > > > > > > > Good DRM does not have to put Big Brother on your hard >> > > > > > drive. If it >> > > > > > >does, >> > > > > > > > >then the price is too high. >> > > > > > > > >> > > > > > > > Right. So one of the notions we put forward in the IETF >> > > > > > was: is it at all >> > > > > > > > possible to create "open-source DRM technologies", so >> > > > that small >> > > > > > > > mom-and-pop publishers need not pay $$$ for proprietary >> > > > > > solutions. The >> > > > > > > > analogy is that with Linux and the Apache webserver, >> > > > > > which are available >> > > > > > > > for around $30. >> > > > > > > > Another useful comparison in the RSA encryption >> > > > > > algorithm, which is good >> > > > > > > > technology, well understood, standardized and now finally >> > > > > > over the patent >> > > > > > > > hurdle. >> > > > > > > > >> > > > > > > > I realize that some folks take the (radical) position of >> > > > > > being against any >> > > > > > > > development of DRM technology whatsoever. The best way >> > > > > > to ensure Big >> > > > > > > > Brother does not happen is to go against any work >> > > > > > relating to DRM. The >> > > > > > > > reality is that DRM Technology is here to stay >> > > > > > (proprietary), whether we >> > > > > > > > like it or not. It will ship inside PCs and in consumer >> > > > > > electronics >> > > > > > > > devices. I think such a position actually helps the Big >> > > > > > Brother syndrome, >> > > > > > > > as it does not provide an option to the general public as >> > > > > > to alternative >> > > > > > > > sources of technology. >> > > > > > > > >> > > > > > > > >> > > > > > > > >> > > > > > > > >On a philosophical level then, I say there is a need for >> > > > > > smart people to >> > > > > > > > >build workable DRM that citizens can live with. >> > > > > > > > > >> > > > > > > > >The point issue of this technical group's mandate is >> > > > > > much clearer IMO. >> > > > > > >The >> > > > > > > > >core >> > > > > > > > >technology challenges for DRM are terminal node >> > > > > > challenges, not network >> > > > > > > > >challenges. Sure, a network is usually involved, but DRM >> > > > > > is nothing >> > > > > > >special >> > > > > > > > >for the network. DRM's basic network needs are nothing >> > > > > > harder than >> > > > > > > > >http/https over tcp/ip. And the terminal mode challenges >> > > > > > are largely >> > > > > > >about >> > > > > > > > >things like tamper-resistance, which are proprietary >> > > > and not very >> > > > > > >amenable >> > > > > > > > >to >> > > > > > > > >standardization. It's not something where an IETF group >> > > > > > adds much value. >> > > > > > > > >> > > > > > > > Right. This is where the word "DRM" is I think a >> > > > > > misnomer for the IETF >> > > > > > > > efforts. You are absolutely right, that DRM is indeed >> > > > > > "terminal node >> > > > > > > > challenges" (ie. development of rights-enforcing >> > > > > > terminals), which is not >> > > > > > > > the traditional area of work for the IETF. >> > > > > > > > >> > > > > > > > However, there some network issues that is part of what I >> > > > > > call the "DRM >> > > > > > > > macrocosm", which included functions relating to >> > > > > > look-ups, secure network >> > > > > > > > storage, transaction clearinghouse, etc. These would >> > > > appear to be >> > > > > > >suitable >> > > > > > > > for work items in the IETF. >> > > > > > > > >> > > > > > > > Thus, one possible change to IDRM is a new name that is >> > > > > > less likely to be >> > > > > > > > controversial. >> > > > > > > > >> > > > > > > > >> > > > > > > > >> > > > > > > > >So where does that leave the group ? Seems to me the >> > > > > > options include: >> > > > > > > > >1) disband >> > > > > > > > >2) generalize the focus to a multidisciplinary one, >> > > > > > along the lines of >> > > > > > > > >http://www.bcdforum.org . (Though I have to confess >> > > > I find that >> > > > > > >organization >> > > > > > > > >lacking substance.) >> > > > > > > > >3) Find specific technical problems that are obstacles >> > > > > > to good (i.e. >> > > > > > > > >effective but not Orwellian) DRM, which are going >> > > > > > begging, and in scope, >> > > > > > > > >and work on solutions. >> > > > > > > > > >> > > > > > > > >I don't have a top-of-mind suggestion for #3, but it >> > > > > > sounds like the most >> > > > > > > > >fun! >> > > > > > > > >> > > > > > > > Yes, the keyword is "fun". Perhaps others on the list >> > > > > > may have specific >> > > > > > > > suggestions? >> > > > > > > > >> > > > > > > > cheers, >> > > > > > > > >> > > > > > > > thomas >> > > > > > > > ------ >> > > > > > > > >> > > > > > > > >> > > > > > > > >> > > > > > > > >> > > > > > > > >> > > > > > > > >Other thoughts ??? >> > > > > > > > > >> > > > > > > > >Best Regards, >> > > > > > > > > Gord Larose >> > > > > > > > > >> > > > > > > > >----- Original Message ----- >> > > > > > > > >From: "Mark Baugher" >> > > > > > > > >To: >> > > > > > > > >Cc: ; "Vern Paxson" >> > > > > > > > >Sent: Tuesday, December 10, 2002 6:43 PM >> > > > > > > > >Subject: [IDRM] Disband or recharter IDRM? >> > > > > > > > > >> > > > > > > > > > IDRM has obviously been dormant for about a year. >> > > > > > > > > >SNIP< >> > > > > > > > >> > > > > > >> > > > >> > >> >> >> >>_______________________________________________ >>ietf-idrm mailing list >>ietf-idrm@idrm.org >>http://www.pairlist.net/mailman/listinfo/ietf-idrm > > >_______________________________________________ >ietf-idrm mailing list >ietf-idrm@idrm.org >http://www.pairlist.net/mailman/listinfo/ietf-idrm From glarose@info-mech.com Mon Dec 16 17:59:01 2002 From: glarose@info-mech.com (Gord Larose) Date: Mon, 16 Dec 2002 12:59:01 -0500 Subject: [IETF-IDRM] RE: [IDRM] Disband or recharter IDRM? References: <5.1.1.5.2.20021213154952.046d3aa0@mira-sjc5-6.cisco.com> Message-ID: <012f01c2a52c$d0f29ca0$0400a8c0@sympatico.ca> Mark: I'm not sure why you see cryptography as the bad guy here. Cryptography is just a tool in the tool-kit. And it's a good tool, if you use it properly. You don't need to drag in PKI, personal certs, smart-cards, and all that sort of baggage, for it to play a useful role. For example, one system I designed uses elGamal encryption to prevent server spoofing. This is completely invisible to the user (i.e. adds no complexity that matters externally) and since elGamal is in the public domain, could be implemented locally with no IP headaches, no thrid-party authorities etc. I do agree that, at least in open systems, cryptography is not sufficient as "the" security solution. (If anyone needs more convincing on that point, I have a Web page on the subject at http://www.info-mech.com/drm_cryptography.html . ) Stepping back from the technology for a moment, what do you see as the desirable VALUES of the system under discussion ? I think end-user simplicity is the one you're getting at. Maybe we can brainstorm some of the others to see if we agree on our hypothetical "definition of success." Cheers, Gord 8-) P.S. It seems like a consumer smart-card DRM solution may be emerging from industry, which is probably of interest to this group: http://www.eet.com/sys/news/OEG20021213S0034 ----- Original Message ----- From: "Mark Baugher" To: "Thomas Hardjono" Cc: "Joe Polimeni" ; Sent: Friday, December 13, 2002 7:16 PM Subject: Re: [IETF-IDRM] RE: [IDRM] Disband or recharter IDRM? > So far as technology goes, we can point to each item on Joe's list and say > which organization is doing it or trying to. Number 3, like the other two, > are really engineering tasks that are better suited to the IETF than to an > IRTF group. > > I'll tell you what I think would be truly interesting: A DRM system that > transfers rights, protects privacy, and performs clearing functions without > the need for any cryptography whatsoever. Cryptography is not a household > technology today (http://www-2.cs.cmu.edu/~alma/johnny.pdf) and may not be > in the future. Although it is embedded in DVDs, DVD players, and DVD > recorders, anyone can discover how to decipher an encrypted movie who truly > wants to. So what does the cryptography on DVDs accomplish? It keeps > "honest people honest" (http://cryptome.org/wipo-imp99-3.htm) or "lazy > people honest" by making it inconvenient to make unauthorized copies (or > more than one or however many are made under fair use > provisions). Cryptography is more complexity than is needed to keep honest > people honest, and cryptography is not appropriate for cases where the user > who controls the machine is trying to subvert it. It's too much protection > for the netizen and too little protection against the hacker. And it is > expensive in infrastructure and people's time. The complexity is > considerable. PKIs are substantial investments with uncertain > returns. Smart cards can cost $20/user per year and there is no universal > smart card (and probably never will be). > > A cryptography-free DRM is probably the most useful technology we could > investigate. The crypto-rich DRM is being developed all over the place. > > Mark > > >SNIP< From mbaugher@cisco.com Tue Dec 17 05:37:37 2002 From: mbaugher@cisco.com (Mark Baugher) Date: Mon, 16 Dec 2002 21:37:37 -0800 Subject: [IETF-IDRM] RE: [IDRM] Disband or recharter IDRM? In-Reply-To: <012f01c2a52c$d0f29ca0$0400a8c0@sympatico.ca> References: <5.1.1.5.2.20021213154952.046d3aa0@mira-sjc5-6.cisco.com> Message-ID: <5.1.1.5.2.20021216112241.0469fd20@mira-sjc5-6.cisco.com> hi Gordon, At 12:59 PM 12/16/2002 -0500, Gord Larose wrote: >Mark: > I'm not sure why you see cryptography as the bad guy here. I don't mean to call it "the bad guy." But I think that it is not always needed for internet entertainment applications. Besides that, practically every DRM service that may need cryptography is under development or planned by some industry group. >Cryptography is just a tool in the tool-kit. And it's a good tool, if you >use it properly. You don't need to drag in PKI, personal certs, >smart-cards, and all that sort of baggage, for it to play a useful role. For >example, one system I designed uses elGamal encryption to prevent server >spoofing. This is completely invisible to the user (i.e. adds no complexity >that matters externally) and since elGamal is in the public domain, could be >implemented locally with no IP headaches, no thrid-party authorities etc. I think RSA encryption is also in the public domain and more widely used. ElGamal encryption supports a subliminal channel but doubles the size of the plaintext. Right? >I do agree that, at least in open systems, cryptography is not sufficient as >"the" security solution. (If anyone needs more convincing on that point, I >have a Web page on the subject at > http://www.info-mech.com/drm_cryptography.html . ) I agree with practically everything you write on this page (I wished you had used a less divisive example than WWII - (why not use the communists since hardly anyone cares about them anymore?). >Stepping back from the technology for a moment, what do you see as the >desirable VALUES of the system under discussion ? What do you mean by "VALUES" here? >I think end-user simplicity is the one you're getting at. Maybe we can >brainstorm some of the others to see if we agree on our hypothetical >"definition of success." If a party does not have a vested interest in protecting a secret in a device it controls, then I don't think cryptography is appropriate. So one value, if I'm using the word properly, is that we need a DRM where each party has a vested interest to use content works in an authorized way. Mark >Cheers, > Gord 8-) > >P.S. It seems like a consumer smart-card DRM solution may be emerging from >industry, which is probably of interest to this group: >http://www.eet.com/sys/news/OEG20021213S0034 > > >----- Original Message ----- >From: "Mark Baugher" >To: "Thomas Hardjono" >Cc: "Joe Polimeni" ; >Sent: Friday, December 13, 2002 7:16 PM >Subject: Re: [IETF-IDRM] RE: [IDRM] Disband or recharter IDRM? > > > > So far as technology goes, we can point to each item on Joe's list and say > > which organization is doing it or trying to. Number 3, like the other >two, > > are really engineering tasks that are better suited to the IETF than to an > > IRTF group. > > > > I'll tell you what I think would be truly interesting: A DRM system that > > transfers rights, protects privacy, and performs clearing functions >without > > the need for any cryptography whatsoever. Cryptography is not a household > > technology today (http://www-2.cs.cmu.edu/~alma/johnny.pdf) and may not be > > in the future. Although it is embedded in DVDs, DVD players, and DVD > > recorders, anyone can discover how to decipher an encrypted movie who >truly > > wants to. So what does the cryptography on DVDs accomplish? It keeps > > "honest people honest" (http://cryptome.org/wipo-imp99-3.htm) or "lazy > > people honest" by making it inconvenient to make unauthorized copies (or > > more than one or however many are made under fair use > > provisions). Cryptography is more complexity than is needed to keep >honest > > people honest, and cryptography is not appropriate for cases where the >user > > who controls the machine is trying to subvert it. It's too much >protection > > for the netizen and too little protection against the hacker. And it is > > expensive in infrastructure and people's time. The complexity is > > considerable. PKIs are substantial investments with uncertain > > returns. Smart cards can cost $20/user per year and there is no universal > > smart card (and probably never will be). > > > > A cryptography-free DRM is probably the most useful technology we could > > investigate. The crypto-rich DRM is being developed all over the place. > > > > Mark > > > > > >SNIP< > > >_______________________________________________ >ietf-idrm mailing list >ietf-idrm@idrm.org >http://www.pairlist.net/mailman/listinfo/ietf-idrm From mbaugher@cisco.com Tue Dec 17 15:58:22 2002 From: mbaugher@cisco.com (Mark Baugher) Date: Tue, 17 Dec 2002 07:58:22 -0800 Subject: [IETF-IDRM] RE: [IDRM] Disband or recharter IDRM? In-Reply-To: <3DFF2849.8070208@igd.fhg.de> References: <5.1.1.5.2.20021213154952.046d3aa0@mira-sjc5-6.cisco.com> <5.1.1.5.2.20021216112241.0469fd20@mira-sjc5-6.cisco.com> Message-ID: <5.1.1.5.2.20021217075222.09ee7ec0@mira-sjc5-6.cisco.com> hi Martin, At 02:36 PM 12/17/2002 +0100, Martin Schmucker wrote: <...> >>I don't mean to call it "the bad guy." But I think that it is not always >>needed for internet entertainment applications. Besides that, >>practically every DRM service that may need cryptography is under >>development or planned by some industry group. > >Is IDRM limited to internet entertainment? Also I didn't get the point >with the cryptography and its connection with industry groups. Could >somebody please explain that to me? No, IDRM is not limited to internet entertainment. My point about cryptography is this: It is being widely applied to DRM by practically every standards body or industry group that is developing DRM standards and technology. >>If a party does not have a vested interest in protecting a secret in a >>device it controls, then I don't think cryptography is appropriate. So >>one value, if I'm using the word properly, is that we need a DRM where >>each party has a vested interest to use content works in an authorized way. > >Concerning the use of cryptography, I think it is essential at least for >the exchange of information from the rights owner to the customer. I don't >think that a cryptography-free DRM system is possible. What would be its >benefits? I agree. thanks, Mark >Best wishes, >Martin