Re: Enterprise Right Management vs. Traditional Encryption Tools

2007-05-14 Thread Jason Holt
On Wed, 9 May 2007, Ali, Saqib wrote: What about DRM/ERM that uses TPM? With TPM the content is pretty much tied to a machine (barring screen captures etc) Will ERM/DRM be ineffective even with the use of TPM? ERM/DRM/TPM are such poorly defined and implemented products that people have

Re: Enterprise Right Management vs. Traditional Encryption Tools

2007-05-14 Thread Anne Lynn Wheeler
Jason Holt wrote: ERM/DRM/TPM are such poorly defined and implemented products that people have started referring to a DRM fairy who people assume will wave her wand and solve whatever problem is at hand. I used to try to draw out the mentioner's claims into a concrete proposal that everyone

Re: Enterprise Right Management vs. Traditional Encryption Tools

2007-05-14 Thread James A. Donald
Jason Holt wrote: So I guess the answer to your question is We'd better assume that DRM+TPM will be ineffective until we've subjected a specific implementation of it to the same level of scrutiny we apply to other cryptosystems, and since DRM+TPM proposals tend to be much more complicated

Re: Enterprise Right Management vs. Traditional Encryption Tools

2007-05-13 Thread Alexander Klimov
On Fri, 11 May 2007, Jon Callas wrote: What about DRM/ERM that uses TPM? With TPM the content is pretty much tied to a machine (barring screen captures etc) Will ERM/DRM be ineffective even with the use of TPM? There are two different features of TPM: it can work as an embedded smartcard (to

Re: Enterprise Right Management vs. Traditional Encryption Tools

2007-05-12 Thread Ali, Saqib
Hi Jon, Rights management systems work against polite attackers. They are useless against impolite attackers. Look at the way that entertainment rights management systems have been attacked. The rights management system will be secure so long as no one wants to break them. There is tension

Re: Enterprise Right Management vs. Traditional Encryption Tools

2007-05-12 Thread Jon Callas
On May 9, 2007, at 5:01 PM, Ali, Saqib wrote: Hi Jon, Rights management systems work against polite attackers. They are useless against impolite attackers. Look at the way that entertainment rights management systems have been attacked. The rights management system will be secure so long as

Re: Enterprise Right Management vs. Traditional Encryption Tools

2007-05-12 Thread Hagai Bar-El
Hello, On 08/05/07 20:16, Ali, Saqib wrote: I was recently asked why not just deploy a Enterprise Right Management solution instead of using various encryption tools to prevent data leaks. Any thoughts? The encryption tools function according to simple, well understood, and more-or-less

Enterprise Right Management vs. Traditional Encryption Tools

2007-05-09 Thread Ali, Saqib
I was recently asked why not just deploy a Enterprise Right Management solution instead of using various encryption tools to prevent data leaks. Any thoughts? - The Cryptography Mailing List Unsubscribe by sending unsubscribe

Re: Enterprise Right Management vs. Traditional Encryption Tools

2007-05-09 Thread Jon Callas
On May 8, 2007, at 10:16 AM, Ali, Saqib wrote: I was recently asked why not just deploy a Enterprise Right Management solution instead of using various encryption tools to prevent data leaks. Any thoughts? What problem are you trying to solve? If you're dealing with a rights-management