LOL It didn't say "we want secure DRM but not TOO secure" either
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Sent: 30 May 2008 16:42 To: [email protected] Subject: Re: [backstage] iPlayer download client for the Mac Ryan Morrison wrote: > You say "Didn't the Trust tell the BBC to produce download clients for > other platforms as soon as possible?" But didn't the Trust also set > the conditions for DRM? It doesn't say how secure the DRM has to be. And security wise it doesn't really need to be secure at all. After all the Beeb are blasting the programs out of transmitters, in digital form, at higher quality. Security is defined by "weakest link". So as long as you make some small effort you're fine, you can't lower the security any more than it is now because their is none. The BBC keeps saying "we need someone to write DRM for us", stop being such a bunch of lazy people and do it yourself. Helpfully the BBC pre-knows all the restrictions they want (so no need to actually encode the rights data ;)). A *very* simple method: 1. Assign client software a key or set of keys (symmetric or asymmetric doesn't really matter) 2. Take MP4* file prepend the files broadcast date(s). 3. Chose random symmetric encryption key 4. Cypher that data 5. Prepend a copy of the symmetric key encrypted with each client encryption key 6. Client decrypts with it's key and checks the broadcast date, if it's over 7 days old it refuses to play. 7. Job done, go to nearest pub (additionally actually test the software ;)) C = E_c1(k),E_c2(k),...,E_cN(k),E_k(T,P) Where C_x donates encryption under key x. c1,c2 to cN represents client keys 1 2 and N (repeat as needed) k is the item (or episode key) P is the item (or episode) T is the broadcast timestamp Decryption is left as an exercise for the reader^. As long as you don't use a Stream cypher the user will need to know the items key to tamper with the broadcast date, and if they have that key they can decrypt anyway! Might want to use some more complex method for encoding rights data. Weakness is the client key or item key could be compromised, but all DRM schemes have this weakness. It's stronger than plaintext so no less secure the Digital TV. Could probably code that in a few days (provided you have some kind of cryptography library available) * or any other format. ^ if you really can't work out how to do it then ask, but you really should have at least one person capable of understanding this > The point here isn't so much that someone has made a download client > but has made a download client that allows for the download of DRM > free iPlayer files > - which is against the terms the BBC have agreed for the iPlayer (I > think that's right). The point is the BBC could have added a very simple DRM scheme and have done the same thing. > Whether you agree with that or not - it is simple fact. Haven't seen the rights that the BBC have agreed. But if it says "Windows DRM Only" I would strongly suspect that the agreement may be illegal, particularly given EU vs Microsoft's ruling about tying. Would the BBC care to show us all this alleged document that is tying their hands? > And Jem isn't trying to censor the internet - just asking that you > talk about 'getting around the DRM on iPlayer files' somewhere that isn't run by the BBC. Trying to restrict discussion of certain topics isn't censorship? What precisely do you call it then? Andy - Sent via the backstage.bbc.co.uk discussion group. To unsubscribe, please visit http://backstage.bbc.co.uk/archives/2005/01/mailing_list.html. Unofficial list archive: http://www.mail-archive.com/[email protected]/ - Sent via the backstage.bbc.co.uk discussion group. To unsubscribe, please visit http://backstage.bbc.co.uk/archives/2005/01/mailing_list.html. Unofficial list archive: http://www.mail-archive.com/[email protected]/
