LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for July 24, 2008

Tracing: no shortage of options

Interview: Wind River's John Bruggeman

LWN.net Weekly Edition for July 17, 2008

Handling kernel security problems

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

encryption for authentication

encryption for authentication

Posted Jan 20, 2006 8:20 UTC (Fri) by xoddam (subscriber, #2322)
In reply to: encryption for authentication by hingo
Parent article: GPLv3: a first look

> In particular, If you distribute a game under the gpl, you cannot
> restrict access to a gaming server like you seem to want to do. Not
> because the GPL has any reach onto your gaming server, but because it
> would be technically impossible to do so when satisfying the v3
> requirements.

I think this is entirely counterfactual. There is no good reason why
someone should not set up a server which will accept connections from
only an authorised version of a client. If people want to run some
*other* client, such as a modified version of the original, against
a game server then they have the freedom to set up their own server
instead.

> The user must be provided with everything needed to access the same
> features that he can with the binary only executable, and in this
> case it would include either the secret key or that the gaming server
> is conifgured to allow such things.

I don't think features provided by a remote network service which has not
been freely licenced for use with *any* client 'to all users who receive
a copy of the Program' can possibly be considered features of the Program
itself. It's not like the users have rights over the server.

You might as well say that if a bank provides a particular certified
version of a GPLed web browser to its customers for improved security
then it has some obligation to make sure its website is also usable with
browsers (say, a bleeding-edge version of the same codebase with new and
untested features enabled) that are known to have security flaws.

(Log in to post comments)

encryption for authentication

Posted Jan 20, 2006 10:17 UTC (Fri) by hingo (subscriber, #14792) [Link]

As I've replied above, I don't think the vendor selling the game has that liberty, because it would clearly go against the intent of the license. If it is allowed by the license, then it is a loophole.

Note that this is for the cases when you buy a game and a subscription to some gaming service is included. Now, obviously it is possible for anyone to setup a server and configure it such that only certified versions of a client are able to connect. Note that there might be more than one certified version from more than one vendors/programmers.

Come to think of it, since we are talking about a game being distributed as gplv3, you'd be free to copy that came to as many consoles/pc you want to. In that sense I think the original vendor could argue, that he complies with the gpl, just that the drm/tpm scheme is to prevent cheating. (If drm is used to prevent copying of even an unmodified version, then you are clearly in breach of v3.) So maybe you are right and I'm wrong. To be on the safe side, the vendor could provide one server which will accept any connections and a "safe server" which only let's approved versions connect. "Normal people" would play on the safe server.

As for banks, I do not think banks should be allowed to restrict their clients to use only one specific browser. It is not the right way to achieve security in that case. The GPL is about giving power and choice to the user. The bank could warn the user about a known security flaw, even make it a bit unconvienient to use such a version, but the user should be left to make the decision. Note that the bank can protect itself no matter what browser you are using, and a bank should not be overly patronising if a user wants to do stupid things.

encryption for authentication

Posted Jan 30, 2006 21:46 UTC (Mon) by jharding (guest, #1102) [Link]

> There is no good reason why someone should not set up a server which will
> accept connections from only an authorised version of a client. If people
> want to run some *other* client, such as a modified version of the
> original, against a game server then they have the freedom to set up their
> own server instead.

I agree completely. The same applies for movies that are "sold" encrypted: the decryption key could be sent only to verified ("trusted") clients, so in practice, the GPLv3 draft is not even close to avoid usage of DRM systems above which a user may run GPLv3 licensed software. The user could change the keys on the hardware and run any binary and even watch encrypted movies on his modified GPLv3 licensed program... provided he has the keys required to decrypt them (e.g. movies encrypted by himself).

This seems to be a real loophole in the GPLv3 draft.

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds
Powered by Rackspace Managed Hosting.