I was reading some of Bruce Schneier's blog and ran across http://www.schneier.com/blog/archives/2007/05/reading_lcd_dis.html which led me to http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-577.html . In that dissertation by Markus G. Kuhn it pointed out:

"It might be worth noting that the DVI standard is prepared for two optional extensions that, even though not intended for this purpose, might also be of use for reducing emanation security concerns. The first is selective refresh ... The second option under development is High-bandwidth Digital Content Protection (DVI/HDCP), ... Even a cryptographically weak key exchange protocol, such as the one published in a first HDCP draft [100], is likely to provide sufficient protection against a passive compromising-emanations eavesdropper, who can see the communication only in a noisy and restricted form." Chapter 4; pages 82-83

http://www.access.gpo.gov/uscode/title17/chapter12_.html
http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=browse_usc&docid=Cite:+17USC1201
http://www.copyright.gov/1201/
http://en.wikipedia.org/wiki/DMCA

17 U.S.C. § 1201 contains the provisions commonly referred to as the DMCA (Digital Millennium Copyright Act). If you included hdcp support for tempest reasons then the DMCA shouldn't apply for several reasons.

1) Primary purpose would be to prevent tempest attacks. It would be useless for the purposes of "circumventing protection".
2) This primary purpose of preventing tempest attacks is a commercially significant purpose.
3) Would be marketed as tempest counter-measure and as being worthless for "circumventing protection".

Maybe the best way for Traversal Technology to go about something like this would be:

1) Reverse-engineer the hdcp master matrix.
2) Design the hardware so you can load a device key, but can't subsequently read that device key out.
3) Load the device key(s) before you ship it out.

You probably want to just reverse engineer the master matrix, but keep it to yourself. That way you only have to deal with laws and not with laws and contracts. You probably don't want to reveal even the device keys you make -- so make it so that the key can't be directly read, only used as part of the handshake. If you do that then it will be especially hard to say you have a "circumventing" device. It would at that point be functionally equivalent to every other video card that does hdcp.

If you feel like you must reveal the device key, then send it to them first and let them revoke the key before you start using it. It would just be a tempest counter-measure, not a way to protect copyright materials being sent to a rogue monitor, so it would be perfectly fine if the key was a revoked key. That assumes only the video card would do revoke key checking; monitors should never care and wouldn't have means of updating their revoked key list AFAIK.

_______________________________________________
Open-graphics mailing list
[email protected]
http://lists.duskglow.com/mailman/listinfo/open-graphics
List service provided by Duskglow Consulting, LLC (www.duskglow.com)
