[IETF-IDRM] RE: [IDRM] Disband or recharter IDRM?
Paul Lambert
PaulLambert@AirgoNetworks.Com
Wed, 11 Dec 2002 17:07:18 -0800
Yes ... there are business needs for DRM, but vendors that field DRM =
solutions are not compelled to make them a 'open' standard. DRM, whe=
n used for content protection is an exclusionary technology that prov=
ides no incentive to create open standards.
DRM is a very broad topic. The politically exciting areas of file sh=
aring and 'protecting' audio or video content are not a good places t=
o create a 'research group'.
What you need is a business reason for groups to cooperate. DRM (fro=
m content providers) forces a usage model on end-systems that does no=
t expect or require cooperation. Proprietary and patented technologi=
es are an advantage because they are harder to reverse engineer and t=
he patents are part of licensing policies that protect the implementa=
tions.
An irtf research group should not be just a discussion forum. Real p=
roblems should be solved.
For a work area to be successful, the focus must be clear. There are=
problems that could be solved by DRM-ish technologies. For example,=
spam filters could be improved with 'digital rights management' tech=
nologies. However, this type of work would be more focused and succe=
ssful as an anti-spam research group than a DRM task.
DRM is a very overloaded and heavily patented term. Fairly simple co=
ncepts of key management and public key based signatures have been co=
nverted into patented techniques for DRM. The identical techniques w=
ere used for secure messaging in the late 80's. The patent issues al=
one are a good reason to kill the working group and start specific fo=
cused efforts on solving specific problems. =20
Paul
> -----Original Message-----
> From: Lisa Rein [mailto:lisarein@finetuning.com]
> Sent: Wednesday, December 11, 2002 4:39 PM
> To: Paul Lambert
> Cc: Theisen, Isabelle; Thomas Hardjono; ietf-idrm@lists.elistx.com;
> glarose@info-mech.com; mbaugher@cisco.com
> Subject: Re: [IDRM] Disband or recharter IDRM?
>=20
>=20
> Hi Paul,
>=20
> On the contrary. Business reasons for a specific technology are=
=20
> *exactly* what defines the need for an open interoperable standard.
>=20
> Thanks,
>=20
> Lisa Rein
>=20
> http://www.finetuning.com
>=20
> Paul Lambert wrote:
>=20
> > Perhaps no one has a business reason for this committee and=20
> it should be disbanded.=20
> >=20
> > Business reasons for a specific technology does not=20
> guarentee that there is any reason for an open interoperable standa=
rd.
> >=20
> >=20
> > Paul
> >=20
> >=20
> >>-----Original Message-----
> >>From: Theisen, Isabelle [mailto:Isabelle.Theisen@unistudios.com]
> >>Sent: Wednesday, December 11, 2002 2:48 PM
> >>To: 'Thomas Hardjono'; 'ietf-idrm@lists.elistx.com';
> >>'glarose@info-mech.com'; 'mbaugher@cisco.com'
> >>Subject: RE: [IDRM] Disband or recharter IDRM?
> >>
> >>
> >>Please, I do not have a business need for these emails.=20
> >>Please, remove from the list.
> >>
> >>
> >>-----Original Message-----
> >>From: Thomas Hardjono [mailto:thardjono@yahoo.com]
> >>Sent: Wednesday, December 11, 2002 2:09 PM
> >>To: Gord Larose
> >>Cc: ietf-idrm@lists.elistx.com
> >>Subject: Re: [IDRM] Disband or recharter IDRM?
> >>
> >>
> >>At 12/11/2002||03:16 PM, Gord Larose wrote:
> >>
> >>>Hi Thomas,
> >>>Thanks for the feedback and update. At a high level I=20
> agree with you
> >>>completely.
> >>>
> >>>However, at a technical level, "Open source DRM" makes my=20
> >>
> >>brain hurt. It's
> >>
> >>>hard enough hide anything in BINARY inside a PC; but like it=
=20
> >>
> >>or not, that's
> >>
> >>>one thing DRM has to do. I should know... the NetActive=20
> >>
> >>technology I was
> >>
> >>>largely responsible for addresses exactly that problem. That=
=20
> >>
> >>technology has
> >>
> >>>never, to my knowledge, been publicly cracked... but I doubt=
=20
> >>
> >>that would have
> >>
> >>>been true if we'd published the source !
> >>
> >>Yes, I agree: "open source DRM" makes my brain hurt too :) =20
> >>However, this=20
> >>seems to be the only way to provide an alternative to proprietary=
=20
> >>technology. In many cases, perhaps the mom-and-pop=20
> >>"publisher" does not=20
> >>need 100% hack-proof DRM (maybe not even 90% hack-proof), but=
=20
> >>enough to=20
> >>discourage non-technical people from trying to break it.
> >>
> >>
> >>
> >>>And from a business perspective, Mom & Pop businesses already ha=
ve
> >>>inexpensive, low-end protection technologies available e.g. fro=
m
> >>>third-party software TBYB wrappers, or via, say, Windows=20
> >>
> >>Media Player DRM.
> >>
> >>>The obstacles are more about complexity, churn, supplier=20
> >>
> >>viability, trust,
> >>
> >>>and branding, than about cost or availability.
> >>
> >>Hmm, I'm not sure I follow here. WMP is only for certain=20
> >>types of contents=20
> >>(e.g. not books, newspapers, newletters, etc).
> >>
> >>
> >>
> >>
> >>>So we'd have to be careful about what the values of such a=20
> >>
> >>system were... if
> >>
> >>>we could figure out how it would work !
> >>>
> >>>Here's an entertaining thought: suppose we emphasize TRUST=20
> >>
> >>and CONTINUITY.
> >>
> >>>Maybe we could even subvert Palladium and the Fritz Chip to=20
> >>
> >>nobler ends ?
> >>
> >>>i.e. a system that WILL, in some sense, robustly protect=20
> >>
> >>content, but WILL
> >>
> >>>NOT - as a matter of the supplier's policy - do any of the=
=20
> >>
> >>things that
> >>
> >>>consumers and libertarians rightly fear ? And a further=20
> benefit of an
> >>>open-source (that may not be the right term, maybe=20
> >>
> >>"distributed ownership"
> >>
> >>>is better) model could be the continuing availability of the=
=20
> >>
> >>solution e.g.
> >>
> >>>Red Hat may die, but Linux won't.
> >>
> >>
> >>OK, so this is a *very* interesting question. These are=20
> the types of=20
> >>questions that needs to be discussed in a open forum and=20
> >>where pieces of it=20
> >>can be standardized (the way many pieces of Linux has been=20
> >>standardized).
> >>
> >>cheers,
> >>
> >>thomas
> >>------
> >>
> >>
> >>
> >>
> >>>I'm not sure how to do this, but maybe we could figure it out !
> >>>
> >>>Cheers,
> >>> Gord 8-)
> >>>
> >>>
> >>>
> >>>----- Original Message -----
> >>>From: "Thomas Hardjono" <thardjono@verisign.com>
> >>>To: <glarose@info-mech.com>; <ietf-idrm@lists.elistx.com>
> >>>Sent: Wednesday, December 11, 2002 12:55 PM
> >>>Subject: Re: [IDRM] Disband or recharter IDRM?
> >>>
> >>>
> >>>
> >>>>Gord,
> >>>>
> >>>>I agree with most of your comments. Judging from the=20
> >>
> >>"emotional outcry" we
> >>
> >>>>received at the last IDRM meeting (Salt Lake City IETF,=20
> >>
> >>end of 2001), DRM
> >>
> >>>>seems to mean different things to different people.
> >>>>
> >>>>
> >>>>At 12/11/2002||09:23 AM, Gord Larose wrote:
> >>>>
> >>>>>Hello:
> >>>>> Most of you on the list will not know me, as I came=20
> >>
> >>in during your
> >>
> >>>period
> >>>
> >>>>>of dormancy. I too have been mulling these issues, as=20
> >>
> >>the DRM company
> >>
> >>>that
> >>>
> >>>>>I helped found (NetActive) struggled like most others in=20
> >>
> >>the space.
> >>
> >>>>>I think there are two classes of issues here - the=20
> >>
> >>social-advocacy ones
> >>
> >>>>>and the technical ones.
> >>>>>
> >>>>>The social-advocacy issues are horribly subjective. The=20
> >>
> >>concerns were
> >>
> >>>>>well expressed in Mark's email, and we could spend=20
> >>
> >>thousands of words
> >>
> >>>>>debating them. For what it
> >>>>>is worth, I believe that DRM is not philosophically=20
> >>
> >>wrong, and further,
> >>
> >>>that
> >>>
> >>>>>it is commercially necessary. However, I do not believe=20
> >>
> >>that the current
> >>
> >>>>>"axis of greed" between Hollywood and Washington serves the be=
st
> >>>
> >>>interests
> >>>
> >>>>>of American citizens and, as a Canadian, I am very=20
> >>
> >>concerned about the
> >>
> >>>>>United States' efforts to impose its draconian views of copyri=
ght
> >>>>>enforcement on the rest of the world.
> >>>>> Good DRM does not have to put Big Brother on your hard=20
> >>
> >>drive. If it
> >>
> >>>does,
> >>>
> >>>>>then the price is too high.
> >>>>
> >>>>Right. So one of the notions we put forward in the IETF=20
> >>
> >>was: is it at all
> >>
> >>>>possible to create "open-source DRM technologies", so that smal=
l
> >>>>mom-and-pop publishers need not pay $$$ for proprietary=20
> >>
> >>solutions. The
> >>
> >>>>analogy is that with Linux and the Apache webserver,=20
> >>
> >>which are available
> >>
> >>>>for around $30.
> >>>>Another useful comparison in the RSA encryption=20
> >>
> >>algorithm, which is good
> >>
> >>>>technology, well understood, standardized and now finally=20
> >>
> >>over the patent
> >>
> >>>>hurdle.
> >>>>
> >>>>I realize that some folks take the (radical) position of=20
> >>
> >>being against any
> >>
> >>>>development of DRM technology whatsoever. The best way=20
> >>
> >>to ensure Big
> >>
> >>>>Brother does not happen is to go against any work=20
> >>
> >>relating to DRM. The
> >>
> >>>>reality is that DRM Technology is here to stay=20
> >>
> >>(proprietary), whether we
> >>
> >>>>like it or not. It will ship inside PCs and in consumer=20
> >>
> >>electronics
> >>
> >>>>devices. I think such a position actually helps the Big=20
> >>
> >>Brother syndrome,
> >>
> >>>>as it does not provide an option to the general public as=20
> >>
> >>to alternative
> >>
> >>>>sources of technology.
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>>On a philosophical level then, I say there is a need for=20
> >>
> >>smart people to
> >>
> >>>>>build workable DRM that citizens can live with.
> >>>>>
> >>>>>The point issue of this technical group's mandate is=20
> >>
> >>much clearer IMO.
> >>
> >>>The
> >>>
> >>>>>core
> >>>>>technology challenges for DRM are terminal node=20
> >>
> >>challenges, not network
> >>
> >>>>>challenges. Sure, a network is usually involved, but DRM=20
> >>
> >>is nothing
> >>
> >>>special
> >>>
> >>>>>for the network. DRM's basic network needs are nothing=20
> >>
> >>harder than
> >>
> >>>>>http/https over tcp/ip. And the terminal mode challenges=20
> >>
> >>are largely
> >>
> >>>about
> >>>
> >>>>>things like tamper-resistance, which are proprietary and not v=
ery
> >>>
> >>>amenable
> >>>
> >>>>>to
> >>>>>standardization. It's not something where an IETF group=20
> >>
> >>adds much value.
> >>
> >>>>Right. This is where the word "DRM" is I think a=20
> >>
> >>misnomer for the IETF
> >>
> >>>>efforts. You are absolutely right, that DRM is indeed=20
> >>
> >>"terminal node
> >>
> >>>>challenges" (ie. development of rights-enforcing=20
> >>
> >>terminals), which is not
> >>
> >>>>the traditional area of work for the IETF.
> >>>>
> >>>>However, there some network issues that is part of what I=20
> >>
> >>call the "DRM
> >>
> >>>>macrocosm", which included functions relating to=20
> >>
> >>look-ups, secure network
> >>
> >>>>storage, transaction clearinghouse, etc. These would appear to=
be
> >>>
> >>>suitable
> >>>
> >>>>for work items in the IETF.
> >>>>
> >>>>Thus, one possible change to IDRM is a new name that is=20
> >>
> >>less likely to be
> >>
> >>>>controversial.
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>>So where does that leave the group ? Seems to me the=20
> >>
> >>options include:
> >>
> >>>>>1) disband
> >>>>>2) generalize the focus to a multidisciplinary one,=20
> >>
> >>along the lines of
> >>
> >>>>>http://www.bcdforum.org . (Though I have to confess I find tha=
t
> >>>
> >>>organization
> >>>
> >>>>>lacking substance.)
> >>>>>3) Find specific technical problems that are obstacles=20
> >>
> >>to good (i.e.
> >>
> >>>>>effective but not Orwellian) DRM, which are going=20
> >>
> >>begging, and in scope,
> >>
> >>>>>and work on solutions.
> >>>>>
> >>>>>I don't have a top-of-mind suggestion for #3, but it=20
> >>
> >>sounds like the most
> >>
> >>>>>fun!
> >>>>
> >>>>Yes, the keyword is "fun". Perhaps others on the list=20
> >>
> >>may have specific
> >>
> >>>>suggestions?
> >>>>
> >>>>cheers,
> >>>>
> >>>>thomas
> >>>>------
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>>Other thoughts ???
> >>>>>
> >>>>>Best Regards,
> >>>>> Gord Larose
> >>>>>
> >>>>>----- Original Message -----
> >>>>>From: "Mark Baugher" <mbaugher@cisco.com>
> >>>>>To: <ietf-idrm@lists.elistx.com>
> >>>>>Cc: <thardjono@yahoo.com>; "Vern Paxson" <vern@icir.org>
> >>>>>Sent: Tuesday, December 10, 2002 6:43 PM
> >>>>>Subject: [IDRM] Disband or recharter IDRM?
> >>>>>
> >>>>>
> >>>>>>IDRM has obviously been dormant for about a year.
> >>>>>>SNIP<
> >>>>
> >=20
> >=20
>=20
>=20