Florian Weimer <[EMAIL PROTECTED]> writes: > * Perry E. Metzger: >> This seems to me to be, yet again, an instance where failure to >> consider threat models is a major cause of security failure. > > Sorry, but where's the security failure? Where can you buy hardware > devices that can copy HD disks? Or download software that does, with > a readily usable interface?
You can't, but I think that is more a question of the market size. Right now there are very few HD-DVDs and Blu Ray discs on the market, and most people have DVD drives but not HD-DVD or Blu Ray drives. (I don't know that I've ever even seen such a drive to date, but that will surely change in a year.) Until there is a significant percentage of the user community with an "itch to scratch" the software will not appear. However, it is now very clear that the software is quite doable once people want it. > In that sense, even CSS hasn't really been broken. I watch DVDs all the time on my open source OS laptop using software that depends on DeCSS. It is quite nice software -- the UI is more or less as good as any of the Windows DVD players. (If the MPAA or DVD copy control folk want to try prosecuting me for watching DVDs I've bought legitimately using software they don't approve of, they are welcome to try -- I suspect that they don't have much of chance of winning.) I haven't used extraction software myself for real (I have no need for it at the moment -- I don't need my DVD library online) but there are a number of programs out there that allow you to extract the content from DVDs to your hard drive as easily as you can do it for a CD. They're pretty easy to find, even for Windows and OS X, and in my tests the UIs appeared to be pretty much easy enough for an ordinary person to use. These programs also depend on DeCSS, of course. > Even the flurry of DMCA takedown notices isn't necessarily a bad move. > It might help to shape the future of how access to content is > regulated in some very particular way. I doubt they'll get very far. Their best bet for suppression is to sue a selected subset of people for publishing the process key, but beyond bad publicity I don't see what practical benefit they might get. Especially in the US, they may also eventually run up against the first amendment. I know that one judge in the 2600 case believed that "the constitution is not a suicide pact", but those were different days. That case happened when the community was far less prepared, was not shepherded by ideal people, and did not set a real precedent. I think it might be harder to ramrod a similar case through the courts now, especially given that the Supreme Court has never ruled on this, and especially since programs like the ones I use to watch DVDs are clear and obvious legitimate uses and can be demonstrated to and understood even by members of the judiciary. -- Perry E. Metzger [EMAIL PROTECTED] --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]