On 17/10/2007, Glyn Wintle <[EMAIL PROTECTED]> wrote:
> The BBC could avoid all this mess if it eschewed DRM and instead employed
> standard formats.
The problems of DRM and Cross Platform are entirely separate concepts.
Evidently the BBC has hoodwinked you. Ah large media companies trying
to con the public, why does this seam like a bad dream?
Implementing DRM at the OS (here I really mean lower level OS, i.e.
the kernel, or wherever else you put the proper access control stuff)
layer on an untrusted machine is pointless, the user has hardware
access and can drop down to that level. If you are going to allow them
to go under your DRM "protection", why not place it at the application
layer? (most if not all DRM schemes do this, note that simply being
shipped with the OS doesn't place an application in the OS layer
security wise).
So OS layer DRM is absolutely useless, now you have a 3 choices (4 if
you count no DRM):
1. Implement DRM at the Hardware Layer, using tamper-proof hardware
(has it's own problem hinged on key distribution, or getting trusted
data to the hardware).
2. Accept it's going to be insecure and implement at the Application layer.
3. define an open standard (based on otgher standards, HTTP, XML
TV-Anytime etc.) and let implementers worry about it.
Selecting option one means the BBC will have to have a conversation
with the likes of Intel, AMD and hardware manufactures, who will no
doubt laugh them out of the office. It would them have to wait years
for the old hardware to be replaced (or you could produce an external
add on, but production of these would be tricky, who gets to produce
it, without interfering in the market. If anyone can produce it have
you compromised security be releasing decoding keys, etc.)
Option 2 can (and does) "work" irrespective of Operating System. (by
work I mean is implementable, it may also may attacks harder but in no
way offers what a security expert would consider secure).
Option 3 certainly works, it's worked for HTTP, Email and numerous
other technologies (too many to mention)
The BBC have never answered why they simple did not use a standard
that would reach all platforms. It can be done. Why does the BBC pay
OUR money to join standards committees (W3C, ETSI) if they are not
going to use the standards produced?
(Easier, Faster, Cheaper, Compliant with regulators, I see no
downside, unless you work for Microsoft (or know someone who works
there))
> This is not a technology problem
Cross Platform development was a technology problem, it's been fixed
in many different ways. Unfortunately the BBC is either too
incompetent or too corrupt to use any of the fixes developed by the
likes of the IETF, IEEE, ISO etc.
Andy
--
Computers are like air conditioners. Both stop working, if you open windows.
-- Adam Heath
-
Sent via the backstage.bbc.co.uk discussion group. To unsubscribe, please
visit http://backstage.bbc.co.uk/archives/2005/01/mailing_list.html.
Unofficial list archive: http://www.mail-archive.com/[email protected]/
