
Similar in spirit?


Posted Oct 6, 2006 22:31 UTC (Fri) by pimlott (guest, #1535)
In reply to: Similar in spirit? by nim-nim
Parent article: Similar in spirit?

I agree that the weak point in my scenario lies in the relationships between the parties. If you can show that the media player maker is colluding with the device manufacturer or the media distributors to keep users from exercising their rights, you might be able to use the GPLv3 against them. But I am not as sanguine about this as you: I still fear that courts would not consider my scenario (or some variation) collusion. DRM is still an experiment, and we should keep an open (that is, cynical) mind about all of the imaginative ways in which the media industry will try to use it.

On your point 0: the checksum list is maintained by the media distributor, so there is no need for a master key.

Also, you seem to have made some interpretation I didn't intend about what's in the media player binary. At least, I don't know what "sequences 'lifted' from an Hollywood media" refers to. What I had in mind is simply that the media player only plays files signed by the media distributor's public key and enforces use restrictions specified in the files. If I offered such a binary (along with its sources) on my web site, having no relationship with any device manufacturer or media distributor, just to be ornery, surely I wouldn't be violating any license.



Similar in spirit?

Posted Oct 7, 2006 12:38 UTC (Sat) by nim-nim (subscriber, #34454)

> On your point 0: the checksum list is maintained by the media
> distributor, so there is no need for a master key.

And how does the device know it can accept a new checksum list? If it can not at all or if it can accept anyone your system is pretty useless.

> Also, you seem to have made some interpretation I didn't intend about
> what's in the media player binary. At least, I don't know what "sequences
> 'lifted' from an Hollywood media" refers to.

Let me rephrase it then:

1. Let's say Disney decides to participate in a campaign against evil_of_the_day and makes a great Mickey cartoon freely distributable provided it's always bundled with the latest localised update of education_pamphlet_against_evil_of_the_day

2. one of your nebulous entities authorizes the video for a device sold all over the world, but does not bother with the education_pamphlet_against_evil_of_the_day, or all the localized versions, or ignores updates

3. another of your nebulous entities makes the authorized binary available advertising it can be played in media player

Questions:
A. Do you actually think no one will get sued?
B. Do you actually think no one will be condemned?
C. Do you actually think this scenario is any different legal-wise than yours?

Similar in spirit?

Posted Oct 9, 2006 3:38 UTC (Mon) by pimlott (guest, #1535)

> And how does the device know it can accept a new checksum list?

The device doesn't need the checksum. The device merely reports the checksum to the media distributor, which validates it against its own (self-maintained) list.

> Let me rephrase it then:

[snip]

I think I understand your scenario, but I truly think the outcome is sensitive (as in my scenario) to the details of the relationships between the entities, and their intentions. If the entity in (3) is advertising the authorized binary for use in many media players, maybe they can say, "hey, it's not our fault that the device in (2) refuses to view the pamphlet--every other device views it".

To repeat, I agree that there may be grounds for finding a GPLv3 violation in some cases like I described; however I don't agree that it is clear-cut for all cases.

Similar in spirit?

Posted Oct 9, 2006 15:33 UTC (Mon) by kleptog (subscriber, #1183)

> The device doesn't need the checksum. The device merely reports the checksum to the media distributor, which validates it against its own (self-maintained) list.

Well, that's obviously not going to work. Then I can simply set the code to return the expected checksum while actually running something else.

For a remote entity to verify you're actually running a particular binary is hard. The act of sending the checksum becomes the weak link, because some upstream router can just change it. So instead, the device has to fetch a list of valid checksums and have some TPM of its own to verify the checksum against the list. It's the verifying of an authentic checksum list that is the crucial part, and where the use of encryption keys comes from.

Similar in spirit?

Posted Oct 9, 2006 16:10 UTC (Mon) by pimlott (guest, #1535)

> Then I can simply set the code to return the expected checksum while actually running something else.

As I said earlier in this thread, the device (with its proprietary operating system) "supports trusted remote querying of the running software". The query protocol naturally ensures the authenticity, integrity, and confidentiality of the communication. You or an upstream router can't tamper with it. The media distributor can be sure that it is talking to the unmodified operating system and getting trustworthy checksums.
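
The two verification models argued over in the last comments, as an added example that is not part of any poster's comment: a bare checksum report versus a nonce-bound, authenticated measurement checked against the distributor's own list. HMAC with a per-device key stands in for the asymmetric attestation key a real trusted component would use; all names and sample bytes are constructed, and the key is assumed to be unreadable by the player software.

```python
import hashlib
import hmac
import os

# Constructed sample data: the distributor's self-maintained allow-list.
APPROVED_PLAYER = b"media player build 1.0 (constructed sample bytes)"
ALLOWED = {hashlib.sha256(APPROVED_PLAYER).hexdigest()}


class TrustedComponent:
    """Stand-in for the device's trusted OS/TPM: measures what is really
    running. HMAC is an assumed substitute for an attestation signature."""

    def __init__(self, key: bytes, running_software: bytes):
        self._key = key
        self._running = running_software

    def quote(self, nonce: bytes) -> tuple[str, bytes]:
        measurement = hashlib.sha256(self._running).hexdigest()
        tag = hmac.new(self._key, nonce + measurement.encode(), hashlib.sha256).digest()
        return measurement, tag


def verify_bare(reported: str) -> bool:
    """Unauthenticated report: the distributor only compares the claimed value."""
    return reported in ALLOWED


def verify_quote(key: bytes, nonce: bytes, measurement: str, tag: bytes) -> bool:
    """Accept only a fresh, authenticated measurement that is on the list."""
    expected = hmac.new(key, nonce + measurement.encode(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag) and measurement in ALLOWED


def demo() -> dict:
    key = os.urandom(32)  # hypothetical per-device key, provisioned out of band
    good = TrustedComponent(key, APPROVED_PLAYER)
    modified = TrustedComponent(key, b"modified player (constructed)")
    approved_sum = hashlib.sha256(APPROVED_PLAYER).hexdigest()
    n1, n2 = os.urandom(16), os.urandom(16)  # distributor's challenges
    m, t = good.quote(n1)
    m2, t2 = modified.quote(n2)
    return {
        "bare_claim_from_modified_device": verify_bare(approved_sum),
        "fresh_quote": verify_quote(key, n1, m, t),
        "replayed_quote": verify_quote(key, n2, m, t),
        "modified_software": verify_quote(key, n2, m2, t2),
        "forged_measurement": verify_quote(key, n2, approved_sum, t2),
    }
```

Only the bare claim and the fresh quote are accepted; the whole scheme rests on the key and the measurement step being out of reach of the software being measured.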

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds