On Tue, 2006-06-06 at 14:48 -0400, Eric Northup wrote: > On Tue, 2006-06-06 at 14:37, Marcus Brinkmann wrote: > > A practical consequence is > > that the user stops using the options, because they break the programs > > that the user is expecting to work. [...] > > Exactly. That's why the system should not* provide a way to authenticate > the low-level services which might be (ab)used to implement freedom- > restricting DRM policies.
How do you propose to enforce this? In general, programs must be able to authenticate the implementations of their service providers in order to check that their robustness contract preconditions can in fact be satisfied. The problem here is that there is no operational difference between a DRM subsystem checking that it is talking to an EvilDevice driver vs. a constructor checking that it is using an authentic space bank. The mechanism of authentication is the same in both cases. shap _______________________________________________ L4-hurd mailing list [email protected] http://lists.gnu.org/mailman/listinfo/l4-hurd
