[IETF-IDRM] RE: [IDRM] Disband or recharter IDRM?
Thomas Hardjono
thardjono@verisign.com
Fri, 13 Dec 2002 13:35:41 -0500
Joe,
At 12/12/2002||08:54 AM, Joe Polimeni wrote:
>I believe the best thing the group could do is:
>1. Define the file format (a.k.a. package format) for a DRM protected
>file. Currently each DRM products has it's own proprietary format.
>2. Recommend a rights expression language (ORDL or XrML).
>3. Recommend a key flow.
No. 3 (key flow) is a good idea, I think. As to No. 2, I don't think the
IETF will be willing to recommend a language. Also, XrML is being
addressed in Oasis and ODRL within the OMA (I think).
I'm not sure about file formats (No.1). Ceratin content types, such as
MPEG, do have a standard content format, and the metadata is expressed in
the MPEG REL.
>The group should stay away any ideological issues. DRM will be used in a
>variety of situations, not just for music or video. Unless we want a
>single company to set the direction and provide all the tools we need to
>set standards.
Agreed :)
>I also think the group should stay away from the technology for developing
>the "client." Each individual company should make its own protected
>client, and the content owner can restrict which client can use the content
>with certificates.
Agree. I would roughly equate "client" to "Terminal". Earlier in this
discussion Paul Judge mentioned "architectures" and "secure
distribution/conditional access". These seem to be a natural IETF work item.
cheers,
thomas
------
>Joe
>
>----- Forwarded by Joe Polimeni/Fort Lauderdale/IBM on 12/12/2002 08:45 AM
>-----
>
>
> Paul
> Lambert
>
> <PaulLambert@AirgoNe To: Mark Baugher
> <mbaugher@cisco.com>
> tworks.Com> cc:
> ietf-idrm@lists.elistx.com
> Subject: RE: [IDRM]
> Disband or recharter IDRM?
> 12/11/2002 08:37
> PM
>
>
>
>
>
>
>
>
>
>
>
> > Paul
> > www.irtf.org is the main page from which you can navigate
> > to the IDRM
> > page, which is where the RG deliverables are described.
>
>Yes, but ..
>
>The 'deliverables' are not clear ... for example:
>
>"The IDRM Research Group will begin its work by surveying the area of
>Digital Rights Management (DRM), and develop a coherent taxonomy of
>problems related to DRM with their inter- relationships."
>
>I'm not sure how I would use this result.
>
>Picking a smaller clearer deliverable would hopefully get more interest and
>involvement.
>
>Paul
>
>
>
>
>
> > -----Original Message-----
> > From: Mark Baugher [mailto:mbaugher@cisco.com]
> > Sent: Wednesday, December 11, 2002 5:26 PM
> > To: Paul Lambert
> > Cc: ietf-idrm@lists.elistx.com
> > Subject: RE: [IDRM] Disband or recharter IDRM?
> >
> >
> > Paul
> > www.irtf.org is the main page from which you can navigate
> > to the IDRM
> > page, which is where the RG deliverables are described.
> >
> > Mark
> > At 05:16 PM 12/11/2002 -0800, Paul Lambert wrote:
> >
> > > > Just so we are all on the same page, a stated "business
> > reason" is not
> > > > among the criteria used to establish and guide an
> > Internet Research Task
> > > > Force (IRTF) Research Group such as IDRM
> > >
> > >There needs to be some reason for the community at large to
> > participate.
> > >
> > > > Force (IRTF) Research Group such as IDRM
> > > > (ftp://ftp.rfc-editor.org/in-notes/rfc2014.txt)
> > >
> > >
> > >Which says:
> > >
> > > The products of a Research Group are research
> > > results that may be disseminated by publication in
> > scholarly journals
> > > and conferences, as white papers for the community, as
> > Informational
> > > RFCs, and so on. In addition, it is expected that technologies
> > > developed in a Research Group will be brought to the
> > IETF as input to
> > > IETF Working Group(s) for possible standardization.
> > >
> > >It does not say 'discussion forum'. What are the specific
> > work products
> > >for this group?
> > >
> > >
> > >Paul
> > >
> > > > -----Original Message-----
> > > > From: Mark Baugher [mailto:mbaugher@cisco.com]
> > > > Sent: Wednesday, December 11, 2002 3:22 PM
> > > > To: Paul Lambert
> > > > Cc: ietf-idrm@lists.elistx.com
> > > > Subject: RE: [IDRM] Disband or recharter IDRM?
> > > >
> > > >
> > > > At 02:57 PM 12/11/2002 -0800, Paul Lambert wrote:
> > > >
> > > > > > Please, I do not have a business need for these emails.
> > > > >
> > > > >Perhaps no one has a business reason for this committee and
> > > > it should be
> > > > >disbanded.
> > > >
> > > > Just so we are all on the same page, a stated "business
> > > > reason" is not
> > > > among the criteria used to establish and guide an Internet
> > > > Research Task
> > > > Force (IRTF) Research Group such as IDRM
> > > > (ftp://ftp.rfc-editor.org/in-notes/rfc2014.txt)
> > > >
> > > > Mark
> > > >
> > > >
> > > > >Business reasons for a specific technology does not
> > > > guarentee that there
> > > > >is any reason for an open interoperable standard.
> > > > >
> > > > >
> > > > >Paul
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: Theisen, Isabelle
> > [mailto:Isabelle.Theisen@unistudios.com]
> > > > > > Sent: Wednesday, December 11, 2002 2:48 PM
> > > > > > To: 'Thomas Hardjono'; 'ietf-idrm@lists.elistx.com';
> > > > > > 'glarose@info-mech.com'; 'mbaugher@cisco.com'
> > > > > > Subject: RE: [IDRM] Disband or recharter IDRM?
> > > > > >
> > > > > >
> > > > > > Please, I do not have a business need for these emails.
> > > > > > Please, remove from the list.
> > > > > >
> > > > > >
> > > > > > -----Original Message-----
> > > > > > From: Thomas Hardjono [mailto:thardjono@yahoo.com]
> > > > > > Sent: Wednesday, December 11, 2002 2:09 PM
> > > > > > To: Gord Larose
> > > > > > Cc: ietf-idrm@lists.elistx.com
> > > > > > Subject: Re: [IDRM] Disband or recharter IDRM?
> > > > > >
> > > > > >
> > > > > > At 12/11/2002||03:16 PM, Gord Larose wrote:
> > > > > > >Hi Thomas,
> > > > > > >Thanks for the feedback and update. At a high level I
> > > > agree with you
> > > > > > >completely.
> > > > > > >
> > > > > > >However, at a technical level, "Open source DRM" makes my
> > > > > > brain hurt. It's
> > > > > > >hard enough hide anything in BINARY inside a PC; but like it
> > > > > > or not, that's
> > > > > > >one thing DRM has to do. I should know... the NetActive
> > > > > > technology I was
> > > > > > >largely responsible for addresses exactly that problem. That
> > > > > > technology has
> > > > > > >never, to my knowledge, been publicly cracked... but I doubt
> > > > > > that would have
> > > > > > >been true if we'd published the source !
> > > > > >
> > > > > > Yes, I agree: "open source DRM" makes my brain hurt too :)
> > > > > > However, this
> > > > > > seems to be the only way to provide an alternative to
> > proprietary
> > > > > > technology. In many cases, perhaps the mom-and-pop
> > > > > > "publisher" does not
> > > > > > need 100% hack-proof DRM (maybe not even 90% hack-proof), but
> > > > > > enough to
> > > > > > discourage non-technical people from trying to break it.
> > > > > >
> > > > > >
> > > > > > >And from a business perspective, Mom & Pop businesses
> > > > already have
> > > > > > >inexpensive, low-end protection technologies
> > available e.g. from
> > > > > > >third-party software TBYB wrappers, or via, say, Windows
> > > > > > Media Player DRM.
> > > > > > >The obstacles are more about complexity, churn, supplier
> > > > > > viability, trust,
> > > > > > >and branding, than about cost or availability.
> > > > > >
> > > > > > Hmm, I'm not sure I follow here. WMP is only for certain
> > > > > > types of contents
> > > > > > (e.g. not books, newspapers, newletters, etc).
> > > > > >
> > > > > >
> > > > > >
> > > > > > >So we'd have to be careful about what the values of such a
> > > > > > system were... if
> > > > > > >we could figure out how it would work !
> > > > > > >
> > > > > > >Here's an entertaining thought: suppose we emphasize TRUST
> > > > > > and CONTINUITY.
> > > > > > >Maybe we could even subvert Palladium and the Fritz Chip to
> > > > > > nobler ends ?
> > > > > > >i.e. a system that WILL, in some sense, robustly protect
> > > > > > content, but WILL
> > > > > > >NOT - as a matter of the supplier's policy - do any of the
> > > > > > things that
> > > > > > >consumers and libertarians rightly fear ? And a further
> > > > benefit of an
> > > > > > >open-source (that may not be the right term, maybe
> > > > > > "distributed ownership"
> > > > > > >is better) model could be the continuing availability of the
> > > > > > solution e.g.
> > > > > > >Red Hat may die, but Linux won't.
> > > > > >
> > > > > >
> > > > > > OK, so this is a *very* interesting question. These are
> > > > the types of
> > > > > > questions that needs to be discussed in a open forum and
> > > > > > where pieces of it
> > > > > > can be standardized (the way many pieces of Linux has been
> > > > > > standardized).
> > > > > >
> > > > > > cheers,
> > > > > >
> > > > > > thomas
> > > > > > ------
> > > > > >
> > > > > >
> > > > > >
> > > > > > >I'm not sure how to do this, but maybe we could
> > figure it out !
> > > > > > >
> > > > > > >Cheers,
> > > > > > > Gord 8-)
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >----- Original Message -----
> > > > > > >From: "Thomas Hardjono" <thardjono@verisign.com>
> > > > > > >To: <glarose@info-mech.com>; <ietf-idrm@lists.elistx.com>
> > > > > > >Sent: Wednesday, December 11, 2002 12:55 PM
> > > > > > >Subject: Re: [IDRM] Disband or recharter IDRM?
> > > > > > >
> > > > > > >
> > > > > > > >
> > > > > > > > Gord,
> > > > > > > >
> > > > > > > > I agree with most of your comments. Judging from the
> > > > > > "emotional outcry" we
> > > > > > > > received at the last IDRM meeting (Salt Lake City IETF,
> > > > > > end of 2001), DRM
> > > > > > > > seems to mean different things to different people.
> > > > > > > >
> > > > > > > >
> > > > > > > > At 12/11/2002||09:23 AM, Gord Larose wrote:
> > > > > > > > >Hello:
> > > > > > > > > Most of you on the list will not know me, as I came
> > > > > > in during your
> > > > > > >period
> > > > > > > > >of dormancy. I too have been mulling these issues, as
> > > > > > the DRM company
> > > > > > >that
> > > > > > > > >I helped found (NetActive) struggled like most others in
> > > > > > the space.
> > > > > > > > >
> > > > > > > > >I think there are two classes of issues here - the
> > > > > > social-advocacy ones
> > > > > > > > >and the technical ones.
> > > > > > > > >
> > > > > > > > >The social-advocacy issues are horribly subjective. The
> > > > > > concerns were
> > > > > > > > >well expressed in Mark's email, and we could spend
> > > > > > thousands of words
> > > > > > > > >debating them. For what it
> > > > > > > > >is worth, I believe that DRM is not philosophically
> > > > > > wrong, and further,
> > > > > > >that
> > > > > > > > >it is commercially necessary. However, I do not believe
> > > > > > that the current
> > > > > > > > >"axis of greed" between Hollywood and Washington
> > > > serves the best
> > > > > > >interests
> > > > > > > > >of American citizens and, as a Canadian, I am very
> > > > > > concerned about the
> > > > > > > > >United States' efforts to impose its draconian views
> > > > of copyright
> > > > > > > > >enforcement on the rest of the world.
> > > > > > > > > Good DRM does not have to put Big Brother on your hard
> > > > > > drive. If it
> > > > > > >does,
> > > > > > > > >then the price is too high.
> > > > > > > >
> > > > > > > > Right. So one of the notions we put forward in the IETF
> > > > > > was: is it at all
> > > > > > > > possible to create "open-source DRM technologies", so
> > > > that small
> > > > > > > > mom-and-pop publishers need not pay $$$ for proprietary
> > > > > > solutions. The
> > > > > > > > analogy is that with Linux and the Apache webserver,
> > > > > > which are available
> > > > > > > > for around $30.
> > > > > > > > Another useful comparison in the RSA encryption
> > > > > > algorithm, which is good
> > > > > > > > technology, well understood, standardized and now finally
> > > > > > over the patent
> > > > > > > > hurdle.
> > > > > > > >
> > > > > > > > I realize that some folks take the (radical) position of
> > > > > > being against any
> > > > > > > > development of DRM technology whatsoever. The best way
> > > > > > to ensure Big
> > > > > > > > Brother does not happen is to go against any work
> > > > > > relating to DRM. The
> > > > > > > > reality is that DRM Technology is here to stay
> > > > > > (proprietary), whether we
> > > > > > > > like it or not. It will ship inside PCs and in consumer
> > > > > > electronics
> > > > > > > > devices. I think such a position actually helps the Big
> > > > > > Brother syndrome,
> > > > > > > > as it does not provide an option to the general public as
> > > > > > to alternative
> > > > > > > > sources of technology.
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > >On a philosophical level then, I say there is a need for
> > > > > > smart people to
> > > > > > > > >build workable DRM that citizens can live with.
> > > > > > > > >
> > > > > > > > >The point issue of this technical group's mandate is
> > > > > > much clearer IMO.
> > > > > > >The
> > > > > > > > >core
> > > > > > > > >technology challenges for DRM are terminal node
> > > > > > challenges, not network
> > > > > > > > >challenges. Sure, a network is usually involved, but DRM
> > > > > > is nothing
> > > > > > >special
> > > > > > > > >for the network. DRM's basic network needs are nothing
> > > > > > harder than
> > > > > > > > >http/https over tcp/ip. And the terminal mode challenges
> > > > > > are largely
> > > > > > >about
> > > > > > > > >things like tamper-resistance, which are proprietary
> > > > and not very
> > > > > > >amenable
> > > > > > > > >to
> > > > > > > > >standardization. It's not something where an IETF group
> > > > > > adds much value.
> > > > > > > >
> > > > > > > > Right. This is where the word "DRM" is I think a
> > > > > > misnomer for the IETF
> > > > > > > > efforts. You are absolutely right, that DRM is indeed
> > > > > > "terminal node
> > > > > > > > challenges" (ie. development of rights-enforcing
> > > > > > terminals), which is not
> > > > > > > > the traditional area of work for the IETF.
> > > > > > > >
> > > > > > > > However, there some network issues that is part of what I
> > > > > > call the "DRM
> > > > > > > > macrocosm", which included functions relating to
> > > > > > look-ups, secure network
> > > > > > > > storage, transaction clearinghouse, etc. These would
> > > > appear to be
> > > > > > >suitable
> > > > > > > > for work items in the IETF.
> > > > > > > >
> > > > > > > > Thus, one possible change to IDRM is a new name that is
> > > > > > less likely to be
> > > > > > > > controversial.
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > >So where does that leave the group ? Seems to me the
> > > > > > options include:
> > > > > > > > >1) disband
> > > > > > > > >2) generalize the focus to a multidisciplinary one,
> > > > > > along the lines of
> > > > > > > > >http://www.bcdforum.org . (Though I have to confess
> > > > I find that
> > > > > > >organization
> > > > > > > > >lacking substance.)
> > > > > > > > >3) Find specific technical problems that are obstacles
> > > > > > to good (i.e.
> > > > > > > > >effective but not Orwellian) DRM, which are going
> > > > > > begging, and in scope,
> > > > > > > > >and work on solutions.
> > > > > > > > >
> > > > > > > > >I don't have a top-of-mind suggestion for #3, but it
> > > > > > sounds like the most
> > > > > > > > >fun!
> > > > > > > >
> > > > > > > > Yes, the keyword is "fun". Perhaps others on the list
> > > > > > may have specific
> > > > > > > > suggestions?
> > > > > > > >
> > > > > > > > cheers,
> > > > > > > >
> > > > > > > > thomas
> > > > > > > > ------
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > >Other thoughts ???
> > > > > > > > >
> > > > > > > > >Best Regards,
> > > > > > > > > Gord Larose
> > > > > > > > >
> > > > > > > > >----- Original Message -----
> > > > > > > > >From: "Mark Baugher" <mbaugher@cisco.com>
> > > > > > > > >To: <ietf-idrm@lists.elistx.com>
> > > > > > > > >Cc: <thardjono@yahoo.com>; "Vern Paxson" <vern@icir.org>
> > > > > > > > >Sent: Tuesday, December 10, 2002 6:43 PM
> > > > > > > > >Subject: [IDRM] Disband or recharter IDRM?
> > > > > > > > >
> > > > > > > > > > IDRM has obviously been dormant for about a year.
> > > > > > > > > >SNIP<
> > > > > > > >
> > > > > >
> > > >
> >
>
>
>
>_______________________________________________
>ietf-idrm mailing list
>ietf-idrm@idrm.org
>http://www.pairlist.net/mailman/listinfo/ietf-idrm