Thus... http://en.wikipedia.org/wiki/Snake_oil_(cryptography)
On 17/10/2007, Andy <[EMAIL PROTECTED]> wrote: > > On 17/10/2007, Glyn Wintle <[EMAIL PROTECTED]> wrote: > > The BBC could avoid all this mess if it eschewed DRM and instead > employed > > standard formats. > > The problems of DRM and Cross Platform are entirely separate concepts. > Evidently the BBC has hoodwinked you. Ah large media companies trying > to con the public, why does this seam like a bad dream? > > Implementing DRM at the OS (here I really mean lower level OS, i.e. > the kernel, or wherever else you put the proper access control stuff) > layer on an untrusted machine is pointless, the user has hardware > access and can drop down to that level. If you are going to allow them > to go under your DRM "protection", why not place it at the application > layer? (most if not all DRM schemes do this, note that simply being > shipped with the OS doesn't place an application in the OS layer > security wise). > > So OS layer DRM is absolutely useless, now you have a 3 choices (4 if > you count no DRM): > 1. Implement DRM at the Hardware Layer, using tamper-proof hardware > (has it's own problem hinged on key distribution, or getting trusted > data to the hardware). > 2. Accept it's going to be insecure and implement at the Application > layer. > 3. define an open standard (based on otgher standards, HTTP, XML > TV-Anytime etc.) and let implementers worry about it. > > Selecting option one means the BBC will have to have a conversation > with the likes of Intel, AMD and hardware manufactures, who will no > doubt laugh them out of the office. It would them have to wait years > for the old hardware to be replaced (or you could produce an external > add on, but production of these would be tricky, who gets to produce > it, without interfering in the market. If anyone can produce it have > you compromised security be releasing decoding keys, etc.) > > Option 2 can (and does) "work" irrespective of Operating System. (by > work I mean is implementable, it may also may attacks harder but in no > way offers what a security expert would consider secure). > > Option 3 certainly works, it's worked for HTTP, Email and numerous > other technologies (too many to mention) > > The BBC have never answered why they simple did not use a standard > that would reach all platforms. It can be done. Why does the BBC pay > OUR money to join standards committees (W3C, ETSI) if they are not > going to use the standards produced? > (Easier, Faster, Cheaper, Compliant with regulators, I see no > downside, unless you work for Microsoft (or know someone who works > there)) > > > This is not a technology problem > > Cross Platform development was a technology problem, it's been fixed > in many different ways. Unfortunately the BBC is either too > incompetent or too corrupt to use any of the fixes developed by the > likes of the IETF, IEEE, ISO etc. > > Andy > > -- > Computers are like air conditioners. Both stop working, if you open > windows. > -- Adam Heath > - > Sent via the backstage.bbc.co.uk discussion group. To unsubscribe, please > visit http://backstage.bbc.co.uk/archives/2005/01/mailing_list.html. > Unofficial > list archive: http://www.mail-archive.com/[email protected]/ > -- Please email me back if you need any more help. Brian Butterworth www.ukfree.tv
