[IETF-IDRM] Fwd: Re: [IDRM] New IDRM drafts on website + thoughts on
PKI/DRM
Thomas Hardjono
thardjono@mediaone.net
Sat, 19 May 2001 23:58:05 -0400
>Date: Mon, 14 May 2001 13:30:10 -0700
>From: Mark Baugher <mbaugher@cisco.com>
>Subject: Re: [IDRM] New IDRM drafts on website + thoughts on PKI/DRM
>X-Sender: mbaugher@mira-sjc5-6.cisco.com
>To: Thomas Hardjono <thardjono@mediaone.net>
>Cc: ietf-idrm@lists.elistx.com
>X-Mailer: QUALCOMM Windows Eudora Version 4.3.2
>List-Owner: <mailto:ietf-idrm-help@lists.elistx.com>
>List-Post: <mailto:ietf-idrm@lists.elistx.com>
>List-Subscribe: <mailto:ietf-idrm-request@lists.elistx.com?body=subscribe>
>List-Unsubscribe: <mailto:ietf-idrm-request@lists.elistx.com?body=unsubscribe>
>List-Archive: <http://lists.elistx.com/archives/ietf-idrm>
>List-Help: <http://lists.elistx.com/elists/admin_email.shtml>,
> <mailto:ietf-idrm-request@lists.elistx.com?body=help>
>
>hi Thomas
> I hope to get to this thread when I return from some business travel
> later this week. I just wanted to point out that there are alternatives
> to PKI, as I'm sure you know. Obviously, public/private crypto can be
> used without a public key infrastructure if there is no compelling reason
> to publicly bind the name to the key; SPKI is one such example. There
> are also systems based on Kerberos that may be applied in some
> environments. Finally, there are issues with using signing keys at all
> for publishing: Ross Anderson et. al. have pointed out that the key life
> is typically too short for a published work that may last 70 years after
> the author's death and too long for a content work that needs to be
> authenticated and have its integrity checked within a short period after
> the work is made available. So they have a cataloging system that takes
> the place of a PKI.
>
>Cheers, Mark
>At 04:09 PM 5/14/2001 -0400, Thomas Hardjono wrote:
>
>>Folks,
>>
>>We have received a formal submission to IDRM of three Internet-Drafts
>>relating to the Handle System.
>>
>>These are located on http://www.idrm.org/idrm_drafts.htm
>>
>>I think the issues of Naming, Naming-Authorities and Naming-Support-Systems
>>are an integral part of any DRM systems and thus the DRM infrastructure
>>as a whole. Thus, it would be good to see discussion on these issues.
>>
>>As an example, if a URN is used within a Record, then some form of
>>digital signature will need to be applied to the Record.
>>This further implies that there is a Certification Authority (CA)
>>that is behind the Certificate used for the signature. This, in-turn,
>>suggests that some resemblance of a PKI is needed before the Naming system
>>can function.
>>
>>Does this mean that the whole DRM industry must wait for a worldwide PKI to
>>exist, or can we build-up a DRM-specific PKI stage-by-stage (and in fact
>>be one of the primary movers for the worldwide PKI)?
>>
>>Any comments?
>>
>>cheers,
>>
>>thomas
>>------