LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Sponsored link

Serve your customers, not your servers, with VERIO Linux VPS. Full-access test-drive here.

Recent Features

Notes on the Viacom ruling

LWN.net Weekly Edition for July 3, 2008

More DTrace envy

LWN.net Weekly Edition for June 26, 2008

Symbian to be another open mobile platform

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

encryption for authentication

encryption for authentication

Posted Jan 20, 2006 7:18 UTC (Fri) by zlynx (subscriber, #2285)
In reply to: encryption for authentication by hingo
Parent article: GPLv3: a first look

Now look, I don't have anything against the GPLv2 or v3. In fact, I think they're both great. However, I have a twisty mind that looks for the loopholes in everything. That's what I'm doing in this discussion, not arguing that the GPL is bad or anything like that.

Hmm. Section 5a of the GPLv3 says the modified work has to carry notices of the changes. Seems to me that it's reasonable to *enforce* through technical means (hardware encryption chips), the notice of software changes. (off topic, but in answer to your charge of security through obscurity: yes it is. It is so obscure that it requires an electron microscope to recover off the chip. This security is more secure than using passwords for authentication, and about the same as the codes embedded in those two-phase authentication keyfobs. In other words: pretty decent security.)

As long as the software functions as normal, and normal functioning includes carrying the software revision, the GPL terms are met.

Now, if third parties beyond the entity distributing GPL software look at those software revision codes and offer or deny service, what's the solution?

Those third parties could be individual gamers refusing to play against hacked clients, or VOIP services refusing to carry calls using modified software.

It seems that arguing that everyone has to provide service to modified code leads to the ridiculous assertion that RedHat would lose their GPL distribution rights if their network firewall refused to pass TCP/IP packets created by a modified GPLv3 OS kernel.

How about if the GPL distributing entity provided game server source, or cell phone network server source? In that way, the receiving entity would have all the parts needed to use their device as intended: as a client on a game network (but not a client on the MSN game network), or as a client on a cell network (but not as a client on the Verizon cell network).

It's all in the definition of the "principle context of use."

(Log in to post comments)

encryption for authentication

Posted Jan 20, 2006 10:02 UTC (Fri) by hingo (subscriber, #14792) [Link]

You make good points with your twisted mind :-)

I think I mostly agree with you. At least if we think about the intent and also what is reasonable, I think it is fair to say that a drm scheme (known as trusted platform module) could be used to assert what version of a software is running, as long as it is possible to install modified versions which will be correctly identified as such.

Now, if that happens, I think it is reasonable to require, that the service provider who you got the gplv3 software from, cannot deny you some services because you modified the software. I say reasonable, because this is exactly the kind of thing the license is against. Obviously the license cannot require anything from third parties nor would it be reasonable. Therefore a third party may choose not to play with me or connect my VOIP client or whatever.

This is also how I read the license, but I am painfully aware of the fact that I don't possess a twisted lawyer kind of mind which is needed to find the kind of loopholes we are looking for.

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds
Powered by Rackspace Managed Hosting.