Lars Oppermann wrote:While defining a DRM container is possible (as we all aggree), the problem is with the enforcment of that container on an open platform. 'Enforce' and 'open' just don't work well together I guess ;)
Though it's not inconceivable. After all, the most powerful encryption algorithms (El Gamal, Blowfish) are open.
Let's see if we can look at DRM from that approach. Ecryption systems can be open and reliable because their security depends not on the secrecy of the algorithm, but the secrecy of a key. Therefore, we might guess that an open DRM system would have to be similar.
I don't have a direct application of that to DRM, but I wanted to throw that out for brainstorming.
The problem here seems to be, that DRM starts where encryption ends. Encryption also has to do with trust. You encrypt under the assumption, that only trusted people will be able to decrypt the content. DRM encryts under the assumption that the person that is provided means to decypt is not to be trusted and thus needs to be 'guided' (euphemism intended :) by a trusted application.
[...]
One thing I'd like to know is, what kind of DRM does someone need on an office suite anyway? OOo doesn't play movies or MP3s. So it's not like the RIAA/MPAA give a hoot if OOo has DRM or not.
We discussed this on the OASIS OpenDocument call. It seems like some people have indicated that they would like this to control how documents are shared over the network. For example certain people not being able to modify or print a document, not send it as email...
A 'soft' way of doing this is easy, we would just need a syntax that expresses what is allowed and what's not and there could be an application feature that honours thsose flags. This should however be configurable, since anyone with a compiler could disable it anyway :)
It might be regarded as help for people not accidently modifying an important document, not accidently sending a confidential document and such.
It is however not real security. As real DRM IMHO is kind of a scam to lure content providers into providing their content at all by giving them the impression that it was protected by sophisticated technical measures as well as providing technology lock-in.
Bests ~Lars
-- Lars Oppermann <[EMAIL PROTECTED]> Sun Microsystems Inc. Software Engineer - StarOffice http://www.sun.com/staroffice
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
