This is getting a bit far afield from cryptography, but proper threat
analysis is still relevant.
On May 27, 2009, at 4:07 AM, Ray Dillinger wrote:
On Tue, 2009-05-26 at 18:49 -0700, John Gilmore wrote:
It's a little hard to help without knowing more about the situation.
I.e. is this a software company? Hardware? Music? Movies?
Documents? E-Books?
It's a software company.
Is it trying to prevent access to something, or
the copying of something? What's the something? What's the threat
model? Why is the company trying to do that? Trying to restrain
customers?
Its customers would be other software companies that want to produce
"monitored" applications. Their product inserts program code into
existing applications to make those applications monitor and report
their own usage and enforce the terms of their own licenses, for
example disabling themselves if the central database indicates that
their licensee's subscription has expired or if they've been used
for more hours/keystrokes/clicks/users/machines/whatever in the
current month than licensed for.
The idea is that software developers could use their product instead
of spending time and programming effort developing their own license-
enforcement mechanisms, using it to directly transform on the
executables as the last stage of the build process.
The threat model is that the users and sysadmins of the machines
where the "monitored" applications are running have a financial
motive to prevent those applications from reporting their usage.
If this is really their threat model, it's ill-considered. First, no
reputable company in their right mind would play games with software
licensing in an attempt to save a few dollars. In fact, most
companies bend over backwards with internal audits and other
mechanisms to ensure they are in compliance. The risk is far too
great to do otherwise -- both to reputation and to the bottom line.
They may counter that they are attempting to nudge into compliance
reputable companies that are simply not large enough or savvy enough
to ensure their own compliance. In this case, something far less
complex than what is traditionally implied by "DRM" can be used.
Thus, the users you are now considering are members of _disreputable_
companies. Since DRM is easily circumvented, and the company is
disreputable, you have a reasonable expectation that your DRM will be
ineffective.
Second, sysadmins have no financial motive, unless they are also the
owners. It is irrelevant to the sysadmin whether the business pays an
appropriate amount for licenses. His salary is still his salary.
Finally, large institutions (let's take financial firms as this is my
area of expertise) will not install software that has hard expirations
or other restrictive licensing mechanisms. The reason is simple.
These mechanisms cause outages -- sometimes because of snafus in the
renewal of licenses, sometimes because of poor code quality in the
enforcement mechanism. At my firm, any such scheme is an immediate
non-starter.
-wps
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
