Similar in spirit?

Posted Oct 7, 2006 12:38 UTC (Sat) by nim-nim (subscriber, #34454)
In reply to: Similar in spirit? by pimlott
Parent article: Similar in spirit?

> On your point 0: the checksum list is maintained by the media
> distributor, so there is no need for a master key.

And how does the device know it can accept a new checksum list? If it cannot at all, or if it can accept anyone, your system is pretty useless.

> Also, you seem to have made some interpretation I didn't intend about
> what's in the media player binary. At least, I don't know what "sequences
> 'lifted' from an Hollywood media" refers to.

Let me rephrase it then:

1. Let's say Disney decides to participate in a campaign against evil_of_the_day and makes a great Mickey cartoon freely distributable provided it's always bundled with the latest localised update of education_pamphlet_against_evil_of_the_day.

2. One of your nebulous entities authorizes the video for a device sold all over the world, but does not bother with the education_pamphlet_against_evil_of_the_day, or all the localized versions, or ignores updates.

3. Another of your nebulous entities makes the authorized binary available, advertising it can be played in media player.

Questions:
A. Do you actually think no one will get sued?
B. Do you actually think no one will be condemned?
C. Do you actually think this scenario is any different legal-wise than yours?



Similar in spirit?

Posted Oct 9, 2006 3:38 UTC (Mon) by pimlott (guest, #1535)

> And how does the device know it can accept a new checksum list?

The device doesn't need the checksum. The device merely reports the checksum to the media distributor, which validates it against its own (self-maintained) list.

> Let me rephrase it then:
> [snip]

I think I understand your scenario, but I truly think the outcome is sensitive (as in my scenario) to the details of the relationships between the entities, and their intentions. If the entity in (3) is advertising the authorized binary for use in many media players, maybe they can say, "hey, it's not our fault that the device in (2) refuses to view the pamphlet--every other device views it".

To repeat, I agree that there may be grounds for finding a GPLv3 violation in some cases like I described; however I don't agree that it is clear-cut for all cases.

Similar in spirit?

Posted Oct 9, 2006 15:33 UTC (Mon) by kleptog (subscriber, #1183)

> The device doesn't need the checksum. The device merely reports the checksum to the media distributor, which validates it against its own (self-maintained) list.

Well, that's obviously not going to work. Then I can simply set the code to return the expected checksum while actually running something else.

For a remote entity to verify you're actually running a particular binary is hard. The act of sending the checksum becomes the weak link, because some upstream router can just change it. So instead, the device has to fetch a list of valid checksums and have some TPM of its own to verify the checksum against the list. It's the verifying of an authentic checksum list that is the crucial part, and where the use of encryption keys comes from.

Similar in spirit?

Posted Oct 9, 2006 16:10 UTC (Mon) by pimlott (guest, #1535)

> Then I can simply set the code to return the expected checksum while actually running something else.

As I said earlier in this thread, the device (with its proprietary operating system) "supports trusted remote querying of the running software". The query protocol naturally ensures the authenticity, integrity, and confidentiality of the communication. You or an upstream router can't tamper with it. The media distributor can be sure that it is talking to the unmodified operating system and getting trustworthy checksums.
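The point at issue in the last two comments, as an added example (not code from any commenter or from a real device): a distributor that trusts a self-reported checksum, next to one that challenges a trusted measuring component with a fresh nonce. The shared `DEVICE_KEY`, the `TrustedComponent` class and the sample binaries are assumptions made for illustration; real attestation hardware typically signs with an asymmetric key rather than a shared secret.

```python
import hashlib
import hmac
import secrets

# All names, keys and binaries below are constructed for illustration.
APPROVED = {hashlib.sha256(b"player-v1 (approved build)").hexdigest()}
DEVICE_KEY = secrets.token_bytes(32)  # assumption: known only to the trusted component and the distributor

def naive_verify(reported: str) -> bool:
    """Distributor trusts whatever checksum the device reports."""
    return reported in APPROVED

class TrustedComponent:
    """Stand-in for the part of the device that measures the running binary.
    Software on the device can request a quote but cannot read the key."""

    def __init__(self, key: bytes, running_binary: bytes):
        self._key = key
        self._measured = hashlib.sha256(running_binary).hexdigest()

    def quote(self, nonce: bytes) -> tuple[str, bytes]:
        tag = hmac.new(self._key, nonce + self._measured.encode(), hashlib.sha256).digest()
        return self._measured, tag

def attested_verify(nonce: bytes, measured: str, tag: bytes) -> bool:
    """Distributor checks the quote is fresh, authentic, and on its own list."""
    expected = hmac.new(DEVICE_KEY, nonce + measured.encode(), hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected) and measured in APPROVED

def demo() -> dict:
    good = TrustedComponent(DEVICE_KEY, b"player-v1 (approved build)")
    modified = TrustedComponent(DEVICE_KEY, b"player-v1 (locally modified)")
    approved_sum = next(iter(APPROVED))
    n1, n2 = secrets.token_bytes(16), secrets.token_bytes(16)
    old_measured, old_tag = good.quote(n1)
    return {
        # Modified software just reports the expected checksum.
        "naive_accepts_false_report": naive_verify(approved_sum),
        "genuine_quote": attested_verify(n1, old_measured, old_tag),
        # The trusted component measures what is really running.
        "modified_quote": attested_verify(n2, *modified.quote(n2)),
        # Approved checksum paired with the tag issued for the modified build.
        "relabelled_quote": attested_verify(n2, approved_sum, modified.quote(n2)[1]),
        # An earlier genuine quote replayed against a fresh nonce.
        "replayed_quote": attested_verify(n2, old_measured, old_tag),
    }

if __name__ == "__main__":
    print(demo())
```

The whole scheme rests on the key staying out of reach of software the owner can replace, which is the property the thread is arguing about.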

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds