On Wed, Dec 24, 2008 at 10:06:59PM -0500, Edward Diener wrote:
> >It sounds like you are trying to implement DRM with an application that is
> >running on untrusted hardware controlled by a potentially hostile user.
> >You want to ensure that only your code has access to your server, and not
> >modified or user developed code. This is a "whitebox" DRM problem.
>
> Are you saying that any application sold on the market which needs to
> ensure secure access to data on a server outside the client machine on
> which the application runs is a "whitebox" DRM problem ?
No, I am saying that applications where you don't trust the user are
DRM problems. If you trust the user (not abuse, modify or replace)
your application, then you don't need DRM, just authenticate trusted
users by giving each user appropriate credentials (possibly a per-user
private key, delivered separately from the application, via a secure
enrollment process).
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
