[IETF-IDRM] RE: [IDRM] Disband or recharter IDRM?
Mark Baugher
mbaugher@cisco.com
Thu, 12 Dec 2002 08:24:48 -0800
hi Joe,
At 08:54 AM 12/12/2002 -0500, Joe Polimeni wrote:
>I believe the best thing the group could do is:
>1. Define the file format (a.k.a. package format) for a DRM protected
>file. Currently each DRM products has it's own proprietary format.
The Internet Streaming Media Alliance is defining an MP4 file format for
encrypted media streams. This will likely be an open standard though the
work is not yet publicly available - it will probably be available in a
matter of months.
>2. Recommend a rights expression language (ORDL or XrML).
MPEG-21 is doing this I think
>3. Recommend a key flow.
This is something that is more of an internet infrastructure issue and is
an area that I thought would be appropriate for IDRM. Content
identification systems are another area. The interest in these topics has
been thin up to this point. But, keys are an interesting problem,
particularly keys for consumers. There are not yet large-scale public key
infrastructures capable of supporting consumer access to entertainment
content, and I don't know of any under development. Many people think that
this type of technology is unsuitable for widespread, consumer use. Smart
cards are perhaps the most widely used solution in digital
television. Internet entertainment systems typically will have a back
channel and a variety of means for authorization and authentication of
devices and even people. It's not clear what the best solution will if the
content is encrypted, which is something that Hollywood typically requires.
I have come to believe that it would be best if we could dispense with
encryption and cryptography altogether. I don't think much would be lost
besides a lot of expense and complexity in consumer devices.
>The group should stay away any ideological issues. DRM will be used in a
>variety of situations, not just for music or video. Unless we want a
>single company to set the direction and provide all the tools we need to
>set standards.
I agree.
>I also think the group should stay away from the technology for developing
>the "client." Each individual company should make its own protected
>client, and the content owner can restrict which client can use the content
>with certificates.
Yes, I think we should focus on the infrastructure technology components.
Mark
>Joe
>
>----- Forwarded by Joe Polimeni/Fort Lauderdale/IBM on 12/12/2002 08:45 AM
>-----
>
>
> Paul
> Lambert
>
> <PaulLambert@AirgoNe To: Mark Baugher
> <mbaugher@cisco.com>
> tworks.Com> cc:
> ietf-idrm@lists.elistx.com
> Subject: RE: [IDRM]
> Disband or recharter IDRM?
> 12/11/2002 08:37
> PM
>
>
>
>
>
>
>
>
>
>
>
> > Paul
> > www.irtf.org is the main page from which you can navigate
> > to the IDRM
> > page, which is where the RG deliverables are described.
>
>Yes, but ..
>
>The 'deliverables' are not clear ... for example:
>
>"The IDRM Research Group will begin its work by surveying the area of
>Digital Rights Management (DRM), and develop a coherent taxonomy of
>problems related to DRM with their inter- relationships."
>
>I'm not sure how I would use this result.
>
>Picking a smaller clearer deliverable would hopefully get more interest and
>involvement.
>
>Paul
>
>
>
>
>
> > -----Original Message-----
> > From: Mark Baugher [mailto:mbaugher@cisco.com]
> > Sent: Wednesday, December 11, 2002 5:26 PM
> > To: Paul Lambert
> > Cc: ietf-idrm@lists.elistx.com
> > Subject: RE: [IDRM] Disband or recharter IDRM?
> >
> >
> > Paul
> > www.irtf.org is the main page from which you can navigate
> > to the IDRM
> > page, which is where the RG deliverables are described.
> >
> > Mark
> > At 05:16 PM 12/11/2002 -0800, Paul Lambert wrote:
> >
> > > > Just so we are all on the same page, a stated "business
> > reason" is not
> > > > among the criteria used to establish and guide an
> > Internet Research Task
> > > > Force (IRTF) Research Group such as IDRM
> > >
> > >There needs to be some reason for the community at large to
> > participate.
> > >
> > > > Force (IRTF) Research Group such as IDRM
> > > > (ftp://ftp.rfc-editor.org/in-notes/rfc2014.txt)
> > >
> > >
> > >Which says:
> > >
> > > The products of a Research Group are research
> > > results that may be disseminated by publication in
> > scholarly journals
> > > and conferences, as white papers for the community, as
> > Informational
> > > RFCs, and so on. In addition, it is expected that technologies
> > > developed in a Research Group will be brought to the
> > IETF as input to
> > > IETF Working Group(s) for possible standardization.
> > >
> > >It does not say 'discussion forum'. What are the specific
> > work products
> > >for this group?
> > >
> > >
> > >Paul
> > >
> > > > -----Original Message-----
> > > > From: Mark Baugher [mailto:mbaugher@cisco.com]
> > > > Sent: Wednesday, December 11, 2002 3:22 PM
> > > > To: Paul Lambert
> > > > Cc: ietf-idrm@lists.elistx.com
> > > > Subject: RE: [IDRM] Disband or recharter IDRM?
> > > >
> > > >
> > > > At 02:57 PM 12/11/2002 -0800, Paul Lambert wrote:
> > > >
> > > > > > Please, I do not have a business need for these emails.
> > > > >
> > > > >Perhaps no one has a business reason for this committee and
> > > > it should be
> > > > >disbanded.
> > > >
> > > > Just so we are all on the same page, a stated "business
> > > > reason" is not
> > > > among the criteria used to establish and guide an Internet
> > > > Research Task
> > > > Force (IRTF) Research Group such as IDRM
> > > > (ftp://ftp.rfc-editor.org/in-notes/rfc2014.txt)
> > > >
> > > > Mark
> > > >
> > > >
> > > > >Business reasons for a specific technology does not
> > > > guarentee that there
> > > > >is any reason for an open interoperable standard.
> > > > >
> > > > >
> > > > >Paul
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: Theisen, Isabelle
> > [mailto:Isabelle.Theisen@unistudios.com]
> > > > > > Sent: Wednesday, December 11, 2002 2:48 PM
> > > > > > To: 'Thomas Hardjono'; 'ietf-idrm@lists.elistx.com';
> > > > > > 'glarose@info-mech.com'; 'mbaugher@cisco.com'
> > > > > > Subject: RE: [IDRM] Disband or recharter IDRM?
> > > > > >
> > > > > >
> > > > > > Please, I do not have a business need for these emails.
> > > > > > Please, remove from the list.
> > > > > >
> > > > > >
> > > > > > -----Original Message-----
> > > > > > From: Thomas Hardjono [mailto:thardjono@yahoo.com]
> > > > > > Sent: Wednesday, December 11, 2002 2:09 PM
> > > > > > To: Gord Larose
> > > > > > Cc: ietf-idrm@lists.elistx.com
> > > > > > Subject: Re: [IDRM] Disband or recharter IDRM?
> > > > > >
> > > > > >
> > > > > > At 12/11/2002||03:16 PM, Gord Larose wrote:
> > > > > > >Hi Thomas,
> > > > > > >Thanks for the feedback and update. At a high level I
> > > > agree with you
> > > > > > >completely.
> > > > > > >
> > > > > > >However, at a technical level, "Open source DRM" makes my
> > > > > > brain hurt. It's
> > > > > > >hard enough hide anything in BINARY inside a PC; but like it
> > > > > > or not, that's
> > > > > > >one thing DRM has to do. I should know... the NetActive
> > > > > > technology I was
> > > > > > >largely responsible for addresses exactly that problem. That
> > > > > > technology has
> > > > > > >never, to my knowledge, been publicly cracked... but I doubt
> > > > > > that would have
> > > > > > >been true if we'd published the source !
> > > > > >
> > > > > > Yes, I agree: "open source DRM" makes my brain hurt too :)
> > > > > > However, this
> > > > > > seems to be the only way to provide an alternative to
> > proprietary
> > > > > > technology. In many cases, perhaps the mom-and-pop
> > > > > > "publisher" does not
> > > > > > need 100% hack-proof DRM (maybe not even 90% hack-proof), but
> > > > > > enough to
> > > > > > discourage non-technical people from trying to break it.
> > > > > >
> > > > > >
> > > > > > >And from a business perspective, Mom & Pop businesses
> > > > already have
> > > > > > >inexpensive, low-end protection technologies
> > available e.g. from
> > > > > > >third-party software TBYB wrappers, or via, say, Windows
> > > > > > Media Player DRM.
> > > > > > >The obstacles are more about complexity, churn, supplier
> > > > > > viability, trust,
> > > > > > >and branding, than about cost or availability.
> > > > > >
> > > > > > Hmm, I'm not sure I follow here. WMP is only for certain
> > > > > > types of contents
> > > > > > (e.g. not books, newspapers, newletters, etc).
> > > > > >
> > > > > >
> > > > > >
> > > > > > >So we'd have to be careful about what the values of such a
> > > > > > system were... if
> > > > > > >we could figure out how it would work !
> > > > > > >
> > > > > > >Here's an entertaining thought: suppose we emphasize TRUST
> > > > > > and CONTINUITY.
> > > > > > >Maybe we could even subvert Palladium and the Fritz Chip to
> > > > > > nobler ends ?
> > > > > > >i.e. a system that WILL, in some sense, robustly protect
> > > > > > content, but WILL
> > > > > > >NOT - as a matter of the supplier's policy - do any of the
> > > > > > things that
> > > > > > >consumers and libertarians rightly fear ? And a further
> > > > benefit of an
> > > > > > >open-source (that may not be the right term, maybe
> > > > > > "distributed ownership"
> > > > > > >is better) model could be the continuing availability of the
> > > > > > solution e.g.
> > > > > > >Red Hat may die, but Linux won't.
> > > > > >
> > > > > >
> > > > > > OK, so this is a *very* interesting question. These are
> > > > the types of
> > > > > > questions that needs to be discussed in a open forum and
> > > > > > where pieces of it
> > > > > > can be standardized (the way many pieces of Linux has been
> > > > > > standardized).
> > > > > >
> > > > > > cheers,
> > > > > >
> > > > > > thomas
> > > > > > ------
> > > > > >
> > > > > >
> > > > > >
> > > > > > >I'm not sure how to do this, but maybe we could
> > figure it out !
> > > > > > >
> > > > > > >Cheers,
> > > > > > > Gord 8-)
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >----- Original Message -----
> > > > > > >From: "Thomas Hardjono" <thardjono@verisign.com>
> > > > > > >To: <glarose@info-mech.com>; <ietf-idrm@lists.elistx.com>
> > > > > > >Sent: Wednesday, December 11, 2002 12:55 PM
> > > > > > >Subject: Re: [IDRM] Disband or recharter IDRM?
> > > > > > >
> > > > > > >
> > > > > > > >
> > > > > > > > Gord,
> > > > > > > >
> > > > > > > > I agree with most of your comments. Judging from the
> > > > > > "emotional outcry" we
> > > > > > > > received at the last IDRM meeting (Salt Lake City IETF,
> > > > > > end of 2001), DRM
> > > > > > > > seems to mean different things to different people.
> > > > > > > >
> > > > > > > >
> > > > > > > > At 12/11/2002||09:23 AM, Gord Larose wrote:
> > > > > > > > >Hello:
> > > > > > > > > Most of you on the list will not know me, as I came
> > > > > > in during your
> > > > > > >period
> > > > > > > > >of dormancy. I too have been mulling these issues, as
> > > > > > the DRM company
> > > > > > >that
> > > > > > > > >I helped found (NetActive) struggled like most others in
> > > > > > the space.
> > > > > > > > >
> > > > > > > > >I think there are two classes of issues here - the
> > > > > > social-advocacy ones
> > > > > > > > >and the technical ones.
> > > > > > > > >
> > > > > > > > >The social-advocacy issues are horribly subjective. The
> > > > > > concerns were
> > > > > > > > >well expressed in Mark's email, and we could spend
> > > > > > thousands of words
> > > > > > > > >debating them. For what it
> > > > > > > > >is worth, I believe that DRM is not philosophically
> > > > > > wrong, and further,
> > > > > > >that
> > > > > > > > >it is commercially necessary. However, I do not believe
> > > > > > that the current
> > > > > > > > >"axis of greed" between Hollywood and Washington
> > > > serves the best
> > > > > > >interests
> > > > > > > > >of American citizens and, as a Canadian, I am very
> > > > > > concerned about the
> > > > > > > > >United States' efforts to impose its draconian views
> > > > of copyright
> > > > > > > > >enforcement on the rest of the world.
> > > > > > > > > Good DRM does not have to put Big Brother on your hard
> > > > > > drive. If it
> > > > > > >does,
> > > > > > > > >then the price is too high.
> > > > > > > >
> > > > > > > > Right. So one of the notions we put forward in the IETF
> > > > > > was: is it at all
> > > > > > > > possible to create "open-source DRM technologies", so
> > > > that small
> > > > > > > > mom-and-pop publishers need not pay $$$ for proprietary
> > > > > > solutions. The
> > > > > > > > analogy is that with Linux and the Apache webserver,
> > > > > > which are available
> > > > > > > > for around $30.
> > > > > > > > Another useful comparison in the RSA encryption
> > > > > > algorithm, which is good
> > > > > > > > technology, well understood, standardized and now finally
> > > > > > over the patent
> > > > > > > > hurdle.
> > > > > > > >
> > > > > > > > I realize that some folks take the (radical) position of
> > > > > > being against any
> > > > > > > > development of DRM technology whatsoever. The best way
> > > > > > to ensure Big
> > > > > > > > Brother does not happen is to go against any work
> > > > > > relating to DRM. The
> > > > > > > > reality is that DRM Technology is here to stay
> > > > > > (proprietary), whether we
> > > > > > > > like it or not. It will ship inside PCs and in consumer
> > > > > > electronics
> > > > > > > > devices. I think such a position actually helps the Big
> > > > > > Brother syndrome,
> > > > > > > > as it does not provide an option to the general public as
> > > > > > to alternative
> > > > > > > > sources of technology.
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > >On a philosophical level then, I say there is a need for
> > > > > > smart people to
> > > > > > > > >build workable DRM that citizens can live with.
> > > > > > > > >
> > > > > > > > >The point issue of this technical group's mandate is
> > > > > > much clearer IMO.
> > > > > > >The
> > > > > > > > >core
> > > > > > > > >technology challenges for DRM are terminal node
> > > > > > challenges, not network
> > > > > > > > >challenges. Sure, a network is usually involved, but DRM
> > > > > > is nothing
> > > > > > >special
> > > > > > > > >for the network. DRM's basic network needs are nothing
> > > > > > harder than
> > > > > > > > >http/https over tcp/ip. And the terminal mode challenges
> > > > > > are largely
> > > > > > >about
> > > > > > > > >things like tamper-resistance, which are proprietary
> > > > and not very
> > > > > > >amenable
> > > > > > > > >to
> > > > > > > > >standardization. It's not something where an IETF group
> > > > > > adds much value.
> > > > > > > >
> > > > > > > > Right. This is where the word "DRM" is I think a
> > > > > > misnomer for the IETF
> > > > > > > > efforts. You are absolutely right, that DRM is indeed
> > > > > > "terminal node
> > > > > > > > challenges" (ie. development of rights-enforcing
> > > > > > terminals), which is not
> > > > > > > > the traditional area of work for the IETF.
> > > > > > > >
> > > > > > > > However, there some network issues that is part of what I
> > > > > > call the "DRM
> > > > > > > > macrocosm", which included functions relating to
> > > > > > look-ups, secure network
> > > > > > > > storage, transaction clearinghouse, etc. These would
> > > > appear to be
> > > > > > >suitable
> > > > > > > > for work items in the IETF.
> > > > > > > >
> > > > > > > > Thus, one possible change to IDRM is a new name that is
> > > > > > less likely to be
> > > > > > > > controversial.
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > >So where does that leave the group ? Seems to me the
> > > > > > options include:
> > > > > > > > >1) disband
> > > > > > > > >2) generalize the focus to a multidisciplinary one,
> > > > > > along the lines of
> > > > > > > > >http://www.bcdforum.org . (Though I have to confess
> > > > I find that
> > > > > > >organization
> > > > > > > > >lacking substance.)
> > > > > > > > >3) Find specific technical problems that are obstacles
> > > > > > to good (i.e.
> > > > > > > > >effective but not Orwellian) DRM, which are going
> > > > > > begging, and in scope,
> > > > > > > > >and work on solutions.
> > > > > > > > >
> > > > > > > > >I don't have a top-of-mind suggestion for #3, but it
> > > > > > sounds like the most
> > > > > > > > >fun!
> > > > > > > >
> > > > > > > > Yes, the keyword is "fun". Perhaps others on the list
> > > > > > may have specific
> > > > > > > > suggestions?
> > > > > > > >
> > > > > > > > cheers,
> > > > > > > >
> > > > > > > > thomas
> > > > > > > > ------
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > >Other thoughts ???
> > > > > > > > >
> > > > > > > > >Best Regards,
> > > > > > > > > Gord Larose
> > > > > > > > >
> > > > > > > > >----- Original Message -----
> > > > > > > > >From: "Mark Baugher" <mbaugher@cisco.com>
> > > > > > > > >To: <ietf-idrm@lists.elistx.com>
> > > > > > > > >Cc: <thardjono@yahoo.com>; "Vern Paxson" <vern@icir.org>
> > > > > > > > >Sent: Tuesday, December 10, 2002 6:43 PM
> > > > > > > > >Subject: [IDRM] Disband or recharter IDRM?
> > > > > > > > >
> > > > > > > > > > IDRM has obviously been dormant for about a year.
> > > > > > > > > >SNIP<
> > > > > > > >
> > > > > >
> > > >
> >