Enterprise Right Management vs. Traditional Encryption Tools

Jason Holt jason at lunkwill.org
Mon May 14 11:37:48 EDT 2007


On Wed, 9 May 2007, Ali, Saqib wrote:
> What about DRM/ERM that uses TPM? With TPM the content is pretty much
> tied to a machine (barring screen captures etc)
>
> Will ERM/DRM be ineffective even with the use of TPM?

ERM/DRM/TPM are such poorly defined and implemented products that people have 
started referring to a "DRM fairy" who people assume will wave her wand and 
solve whatever problem is at hand.  I used to try to draw out the mentioner's 
claims into a concrete proposal that everyone could objectively examine, but 
the conversation rarely progressed that far.  So now I think that, as with 
other crypto proposals, the onus should now be on the proposer to clearly 
delineate what they're proposing and convince us that it's complete and 
correct, rather than us nodding our heads or lashing out at what we assume it 
means.

So I guess the answer to your question is "We'd better assume that DRM+TPM 
will be ineffective until we've subjected a specific implementation of it to 
the same level of scrutiny we apply to other cryptosystems, and since DRM+TPM 
proposals tend to be much more complicated than other cryptosystems like SSL, 
that's going to take a very long time."

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list