On Wed, Dec 24, 2008 at 10:06:59PM -0500, Edward Diener wrote:

> >It sounds like you are trying to implement DRM with an application that is
> >running on untrusted hardware controlled by a potentially hostile user.
> >You want to ensure that only your code has access to your server, and not
> >modified or user developed code. This is a "whitebox" DRM problem.
>
> Are you saying that any application sold on the market which needs to
> ensure secure access to data on a server outside the client machine on
> which the application runs is a "whitebox" DRM problem?

No, I am saying that applications where you don't trust the user are DRM
problems. If you trust the user (not to abuse, modify or replace your
application), then you don't need DRM, just authenticate trusted users by
giving each user appropriate credentials (possibly a per-user private key,
delivered separately from the application, via a secure enrollment process).

--
Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org