[IETF-IDRM] Re: [IDRM] Disband or recharter IDRM?

Thomas Hardjono thardjono@yahoo.com
Wed, 11 Dec 2002 17:08:34 -0500 

At 12/11/2002||03:16 PM, Gord Larose wrote:
>Hi Thomas,
>Thanks for the feedback and update. At a high level I agree with you
>completely.
>
>However, at a technical level, "Open source DRM" makes my brain hurt.  It's
>hard enough hide anything in BINARY inside a PC; but like it or not, that's
>one thing  DRM has to do.  I should know... the NetActive technology I was
>largely responsible for addresses exactly that problem. That technology has
>never, to my knowledge, been publicly cracked... but I doubt that would have
>been true if we'd published the source !

Yes, I agree: "open source DRM" makes my brain hurt too :)  However, this 
seems to be the only way to provide an alternative to proprietary 
technology.  In many cases, perhaps the mom-and-pop "publisher" does not 
need 100% hack-proof DRM (maybe not even 90% hack-proof), but enough to 
discourage non-technical people from trying to break it.


>And from a business perspective, Mom & Pop businesses already have
>inexpensive,  low-end protection technologies available e.g. from
>third-party software TBYB wrappers, or via, say, Windows Media Player DRM.
>The obstacles are more about complexity, churn,  supplier viability, trust,
>and branding, than about cost or availability.

Hmm, I'm not sure I follow here.  WMP is only for certain types of contents 
(e.g. not books, newspapers, newletters, etc).



>So we'd have to be careful about what the values of such a system were... if
>we could figure out how it would work !
>
>Here's an entertaining thought: suppose we emphasize TRUST and CONTINUITY.
>Maybe we could even subvert Palladium and the Fritz Chip to nobler ends ?
>i.e. a system that WILL, in some sense, robustly protect content, but WILL
>NOT - as a matter of the supplier's policy  - do any of  the things that
>consumers and libertarians rightly fear ? And a further benefit of an
>open-source (that may not be the right term, maybe "distributed ownership"
>is better) model could be the continuing availability of the solution e.g.
>Red Hat may die, but Linux won't.


OK, so this is a *very* interesting question.  These are the types of 
questions that needs to be discussed in a open forum and where pieces of it 
can be standardized (the way many pieces of Linux has been standardized).

cheers,

thomas
------



>I'm not sure how to do this, but maybe we could figure it out !
>
>Cheers,
>    Gord 8-)
>
>
>
>----- Original Message -----
>From: "Thomas Hardjono" <thardjono@verisign.com>
>To: <glarose@info-mech.com>; <ietf-idrm@lists.elistx.com>
>Sent: Wednesday, December 11, 2002 12:55 PM
>Subject: Re: [IDRM] Disband or recharter IDRM?
>
>
> >
> > Gord,
> >
> > I agree with most of your comments. Judging from the "emotional outcry" we
> > received at the last IDRM meeting (Salt Lake City IETF, end of 2001), DRM
> > seems to mean different things to different people.
> >
> >
> > At 12/11/2002||09:23 AM, Gord Larose wrote:
> > >Hello:
> > >   Most of you on the list will not know me, as I came in during your
>period
> > >of dormancy. I too have been mulling these issues, as the DRM company
>that
> > >I helped found (NetActive) struggled like most others in the space.
> > >
> > >I think there are two classes of issues here - the social-advocacy ones
> > >and the technical ones.
> > >
> > >The social-advocacy issues are horribly subjective. The concerns were
> > >well expressed in Mark's email, and we could spend thousands of words
> > >debating them.  For what it
> > >is worth, I believe that DRM is not philosophically wrong, and further,
>that
> > >it is commercially necessary. However, I do not believe that the current
> > >"axis of greed" between Hollywood and Washington serves the best
>interests
> > >of American citizens and, as a Canadian, I am very concerned about the
> > >United States' efforts to impose its draconian views of copyright
> > >enforcement on the rest of the world.
> > >  Good DRM does not have to put Big Brother on your hard drive. If it
>does,
> > >then the price is too high.
> >
> > Right. So one of the notions we put forward in the IETF was:  is it at all
> > possible to create "open-source DRM technologies", so that small
> > mom-and-pop publishers need not pay $$$ for proprietary solutions.  The
> > analogy is that with Linux and the Apache webserver, which are available
> > for around $30.
> > Another useful comparison in the RSA encryption algorithm, which is good
> > technology, well understood, standardized and now finally over the patent
> > hurdle.
> >
> > I realize that some folks take the (radical) position of being against any
> > development of DRM technology whatsoever.  The best way to ensure Big
> > Brother does not happen is to go against any work relating to DRM. The
> > reality is that DRM Technology is here to stay (proprietary), whether we
> > like it or not.  It will ship inside PCs and in consumer electronics
> > devices.  I think such a position actually helps the Big Brother syndrome,
> > as it does not provide an option to the general public as to alternative
> > sources of technology.
> >
> >
> >
> > >On a philosophical level then, I say there is a need for smart people to
> > >build workable DRM that citizens can live with.
> > >
> > >The point issue of this technical group's mandate is much clearer IMO.
>The
> > >core
> > >technology challenges for DRM are terminal node challenges, not network
> > >challenges. Sure, a network is usually involved, but DRM is nothing
>special
> > >for the network. DRM's basic network needs are nothing harder than
> > >http/https over tcp/ip. And the terminal mode challenges are largely
>about
> > >things like tamper-resistance, which are proprietary and not very
>amenable
> > >to
> > >standardization. It's not something where an IETF group adds much value.
> >
> > Right.  This is where the word "DRM" is I think a misnomer for the IETF
> > efforts.  You are absolutely right, that DRM is indeed "terminal node
> > challenges" (ie. development of rights-enforcing terminals), which is not
> > the traditional area of work for the IETF.
> >
> > However, there some network issues that is part of what I call the "DRM
> > macrocosm", which included functions relating to look-ups, secure network
> > storage, transaction clearinghouse, etc.  These would appear to be
>suitable
> > for work items in the IETF.
> >
> > Thus, one possible change to IDRM is a new name that is less likely to be
> > controversial.
> >
> >
> >
> > >So where does that leave the group ? Seems to me the options include:
> > >1) disband
> > >2) generalize the focus to a multidisciplinary one, along the lines of
> > >http://www.bcdforum.org . (Though I have to confess I find that
>organization
> > >lacking substance.)
> > >3) Find specific technical problems that are obstacles to good (i.e.
> > >effective but not Orwellian) DRM, which are going begging, and in scope,
> > >and work on solutions.
> > >
> > >I don't have a top-of-mind suggestion for #3, but it sounds like the most
> > >fun!
> >
> > Yes, the keyword is "fun".  Perhaps others on the list may have specific
> > suggestions?
> >
> > cheers,
> >
> > thomas
> > ------
> >
> >
> >
> >
> >
> > >Other thoughts ???
> > >
> > >Best Regards,
> > >    Gord Larose
> > >
> > >----- Original Message -----
> > >From: "Mark Baugher" <mbaugher@cisco.com>
> > >To: <ietf-idrm@lists.elistx.com>
> > >Cc: <thardjono@yahoo.com>; "Vern Paxson" <vern@icir.org>
> > >Sent: Tuesday, December 10, 2002 6:43 PM
> > >Subject: [IDRM] Disband or recharter IDRM?
> > >
> > > > IDRM has obviously been dormant for about a year.
> > > >SNIP<
> >