DRM technology and policy

Pat Farrell pfarrell at pfarrell.com
Mon Apr 21 18:24:59 EDT 2003

At 05:07 PM 4/21/2003 -0400, Derek Atkins wrote:
>What are the requirements of such a system.  Let's get DEEP
>into details.  What are the constraints?  What is the threat model?
>I don't think we've seen a good requirements document (from
>either side) that details the issues, concerns, and wants
>from a DRM system.  They all start with the a priori solution
>("DRM Good" or "DRM Bad") and work backwards.  Let's work forwards
>and see where it takes us, and let's leave the fear behind.

I've never seen requirements by committee work.
And I'm not sure that this list is the right place for such
a conversation that will become full of nitpicking.

There have been DRMs commercially released.
CyberCash had a DRM built into its CyberCoin
product. It kept the "goods" enciphered until
payment was made. Used all the usual tools,
DES, RSA, etc. The protocol is a published RFC,
and the patent is public knowledge.

A large part of the effort is agreeing on bounds.
Everyone has to stop using loaded terms like "perfect DRM"
and use the engineering that security professionals
use. Make the cost of attack significantly higher than
the cost of the goods protected.

There are no absolutes in this business. So stop
pretending otherwise, it confuses the discussions.

>PS: Ok, who wants to pay me to think about this??  Or do you
>feel entitled to get my ramblings for free?  ;-)

I don't know about these ramblings, but I sure expected
to get paid by CyberCash when I worked there. I don't think
we need to argue whether there is such a thing as goods that
deserve to be paid for ...   I think musicians should be able
to make a buck... and software dudes too....

There were lots of reasons that CyberCash the company
and CyberCoin the product failed. I submit that technology
was not high on the list.

The DiVx that Circuit City tried to use for DVDs had a real world
DRM. It also failed. There are lots of other examples.


Pat Farrell                     pfarrell at pfarrell.com

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
