Re: economics of DRM, was Re: Ross's TCPA paper

2002-07-13 Thread Harmon Seaver
On Sat, Jul 13, 2002 at 10:59:23AM -0700, Eric Murray wrote: > Microsoft does not do things simply because they enjoy being evil. > They are not so worried about Linux (with its small share of the market) > that they will spend mega-bucks now on a very long term project that might > possibly let t

Re: Microsoft censors Newsweek - and new version of TCPA FAQ

2002-07-12 Thread John Young
o pull Newsweek stories after a few days that don't contribute to the MS shine. Further still, shine thine eyes on this line-up of TCPA wiseguys: Date: Fri, 12 Jul 2002 18:39:50 -0500 From: Jolley <[EMAIL PROTECTED]> Subject: [dvd-discuss] Technology Admin comments To: dvd-discuss <

Re: Microsoft censors Newsweek - and new version of TCPA FAQ

2002-07-12 Thread Nomen Nescio
Ross Anderson charged that Microsoft "censored" Newsweek because the Stephen Levy article disappeared. Actually Newsweek moves articles to their for-pay archives after a week. You can still find a pointer to it by going to www.newsweek.com and entering Palladium in the "Search the archives" box.

Re: Ross's TCPA paper

2002-07-12 Thread Eric Murray
itional manufacturing cost for the TCPA > hardware components. Motherboard manufacturers go through redesigns in order > to save cents in manufacturing costs, and they're expected to add $5 to their > manufacturing cost just to help Microsoft manage its piracy problem? Motherboard mak

Re: Ross's TCPA paper

2002-07-12 Thread Peter Gutmann
purely economic perspectice, I can't see how this will fly. I'll pull a random figure of $5 out of thin air (well, I saw it mentioned somewhere but can't remember the source) as the additional manufacturing cost for the TCPA hardware components. Motherboard manufacturers go throu

RE: Ross's TCPA paper

2002-07-12 Thread Lucky Green
Peter wrote (potentially quoting somebody else) > >From a purely economic perspectice, I can't see how this will fly. > >I'll pull a > random figure of $5 out of thin air (well, I saw it mentioned > somewhere but can't remember the source) as the additional

Re: Microsoft censors Newsweek - and new version of TCPA FAQ

2002-07-11 Thread John Young
We failed to save a copy of Steven Levy's Palladium article in Newsweek and online at MSNBC, now withdrawn by MSNBC. We can find no copy online. Whoever save a copy: we would like to receive it for publication to assure its continued availability. A Microsoft programmer, John DeTreville, named

Re: Ross's TCPA paper

2002-07-11 Thread Jay Sulzberger
On Fri, 5 Jul 2002, AARG!Anonymous wrote: < ... /> > Right, and you can boot untrusted OS's as well. Recently there was > discussion here of HP making a trusted form of Linux that would work with > the TCPA hardware. So you will have options in both the closed source and

Microsoft censors Newsweek - and new version of TCPA FAQ

2002-07-10 Thread Ross Anderson
I see that MSNBC has pulled the original article on Palladium: http://www.msnbc.com/news/770551.asp Anyway, I have just put up version 1.0 of the TCPA / Palladium FAQ at the same URL: http://www.cl.cam.ac.uk/users/rja14/tcpa-faq.html Enjoy! Ross

tcpa paper (fwd)

2002-07-10 Thread Mike Rosing
The academics think that TCPA technology is already solved. I haven't read the whole paper, but y'all might find it interesting. --Begin Forward --- From: Sean Smith <[EMAIL PROTECTED]> Date: Wed, 10 Jul 2002 09:18:22 -0400 You know,

Re: maximize best case, worst case, or average case? (TCPA)

2002-07-08 Thread Bill Stewart
At or about 09:22 AM 07/04/2002 -0700, [EMAIL PROTECTED] replied thusly: > > If they can't even ban crypto, you think they'll be able to ban > > Perl? > >They cannot ban crypto without first banning Perl. That was the >point of the Crypto-on-a-T-Shirt movement. Obvious solution. >First ban Perl,

Re: Ross's TCPA paper

2002-07-06 Thread Bill Stewart
At 09:43 PM 06/28/2002 +0200, Thomas Tydal wrote: >Well, first I want to say that I don't like the way it is today. >I want things to get better. I can't read e-books on my pocket computer, >for example, which is sad since I actually would be able to enjoy e-books >if I only could load them onto m

Re: Ross's TCPA paper

2002-07-05 Thread AARG! Anonymous
rs preventing people from typing virus-triggering command lines are utterly absurd. What are people trying to prove by raising such nonsensical propositions? Palladium needs no such capability. > Interestingly, Palladium and TCPA both allow you to modify any part of > the software installed

Re: Ross's TCPA paper

2002-07-05 Thread jamesd
-- On 5 Jul 2002 at 14:45, AARG! Anonymous wrote: > Right, and you can boot untrusted OS's as well. Recently there > was discussion here of HP making a trusted form of Linux that > would work with the TCPA hardware. So you will have options in > both the closed source and o

Re: Ross's TCPA paper

2002-07-05 Thread Hadmut Danisch
On Thu, Jul 04, 2002 at 10:54:34PM -0700, Lucky Green wrote: > > Sure you can use shell scripts. Though I don't understand how a shell > script will help you in obtaining a dump of the protected data since > your script has insufficient privileges to read the data. Nor can you > give the shell sc

RE: Ross's TCPA paper

2002-07-05 Thread Lucky Green
Hadmut Danisch wrote: > On Wed, Jul 03, 2002 at 10:54:43PM -0700, Bill Stewart wrote: > > At 12:59 AM 06/27/2002 -0700, Lucky Green wrote: > > >I fully agree that the TCPA's efforts offer potentially beneficial > > >effects. Assuming the TPM has not been compromised, the TPM should > > >enable t

Re: Ross's TCPA paper

2002-07-05 Thread Hadmut Danisch
radiction in terms. If I understand this correctly, the TCPA or Palladium hardware will include some kind of memory management device, very similar to the ones we have in hardware of the last years, but which stores some kind of de-/encryption information for each page segment and which de-/en

Re: Ross's TCPA paper

2002-07-05 Thread Seth David Schoen
es. That limitation doesn't stop you from writing your own application software or scripts. Interestingly, Palladium and TCPA both allow you to modify any part of the software installed on your system (though not your hardware). The worst thing which can happen to you as a result is that the system wil

Re: maximize best case, worst case, or average case? (TCPA)

2002-07-04 Thread Anonymous
1 the government floated one timid trial balloon about possibly restricting crypto, and it was shot down in a hail of criticism from all directions. If they can't even ban crypto, you think they'll be able to ban Perl? People who believe this are utterly disconnected from reality. To the ex

Re: maximize best case, worst case, or average case? (TCPA)

2002-07-04 Thread Ryan Lackey
tricted. They'll be like assault weapons. Use a compiler, > go to jail. This despite the fact that they are necessary tools for > technological progress today. Basically, the concern I have is not that any *particular* end-user developed application, in a post-DRM/TCPA world, will be ren

Re: maximize best case, worst case, or average case? (TCPA)

2002-07-04 Thread jamesd
running a web site? If just anyone is allowed to run a web site, they can do all kinds of scams and push all kinds of lies. Besides which hacking will make the cow's milk dry up. > To the extent that people fear the TCPA and DRM because they > think it will take us down a path to

Re: maximize best case, worst case, or average case? (TCPA)

2002-07-03 Thread jamesd
-- On 3 Jul 2002 at 10:48, xganon wrote: > Do you really think that DRM systems could eliminate cypherpunk > applications? Have you thought this through in detail? Please > expand on it. The system as specified is harmless, because it can run anyone's code, and thus can run napster like

Re: maximize best case, worst case, or average case? (TCPA)

2002-07-03 Thread xganon
ed, and more draconian. > > DRM-capable TCPA-type systems are evil by the same argument, even if > not used for DRM. > > The primary reason they are evil is not the stated goal of DRM systems > (copy protection in various forms), but the ease with which they could > be used to

Re: maximize best case, worst case, or average case? (TCPA

2002-07-02 Thread Anonymous
Robert Hettinga writes: > If it's encrypted, and it's on my hard drive, than it's my property. I own > it, not someone else. That's a private good. I can turn around, and sell it > to you. You can encrypt it, and put it on your hard drive, and you can sell > it. It's *your* property. This has not

Re: maximize best case, worst case, or average case? (TCPA

2002-07-02 Thread Ryan Lackey
Quoting Joseph Ashwood <[EMAIL PROTECTED]>: > The same argument can be applied to just about any tool. > > A knife has a high likelihood of being used in such a manner that it causes > physical damage to an individual (e.g. you cut yourself while slicing your > dinner) at some point in its usefu

Re: Ross's TCPA paper

2002-07-02 Thread Tim May
On Monday, July 1, 2002, at 07:15 PM, Mike Rosing wrote: > On Mon, 1 Jul 2002 [EMAIL PROTECTED] wrote: > >> -- >> On 1 Jul 2002 at 15:06, Tim May wrote: >>> I have strong views on all this DRM and TCPA stuff, and >>> especially on the claim that some

Re: Re: maximize best case, worst case, or average case? (TCPA

2002-07-02 Thread R. A. Hettinga
At 6:46 PM -0700 on 7/1/02, Joseph Ashwood wrote: > DRM is a tool. I agree. And I don't think any tool is evil, either, and, I bet, Ryan probably doesn't want to come across as a hoplophobe as you're depiction of his calling a particular technology evil makes him sound either. :-). That said,

Re: maximize best case, worst case, or average case? (TCPA

2002-07-02 Thread R. A. Hettinga
At 4:02 AM +0200 on 7/2/02, AAA, the Annoying Anonymous Austrian wrote: > But you claimed that signed pieces of digital information were private > goods. Please explain. If it's encrypted, and it's on my hard drive, than it's my property. I own it, not someone else. That's a private good. I c

Re: Ross's TCPA paper

2002-07-02 Thread Mike Rosing
On Mon, 1 Jul 2002 [EMAIL PROTECTED] wrote: > -- > On 1 Jul 2002 at 15:06, Tim May wrote: > > I have strong views on all this DRM and TCPA stuff, and > > especially on the claim that some form of DRM is needed to > > prevent government from taking over control of th

Re: maximize best case, worst case, or average case? (TCPA

2002-07-01 Thread jamesd
-- On 1 Jul 2002 at 22:10, Anonymous wrote: > The fact is that the market can't solve this kind of problem. > That's right, markets are not perfect. [] But information > objects, absent successful DRM restrictions, are effectively > public goods. Markets do not handle public goods well.

Re: maximize best case, worst case, or average case? (TCPA

2002-07-01 Thread R. A. Hettinga
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Traffic Analysis is A Bitch, boys and girls. At 10:10 PM +0200 on 7/1/02, The Single-Remailer-Hop Anonymous Austrian Innumerate returns, writing: > They do fine for ordinary, private > goods. A signed, much less encrypted, copy of a piece of digita

Re: Ross's TCPA paper

2002-07-01 Thread Tim May
PROTECTED]> Date: Sat Jun 29, 2002 10:03:33 PM US/Pacific To: Barney Wolff <[EMAIL PROTECTED]> Cc: "'[EMAIL PROTECTED] '" <[EMAIL PROTECTED]>, "'[EMAIL PROTECTED] '" <[EMAIL PROTECTED]> Subject: Re: Ross's TCPA paper > > Here&

Re: Re: maximize best case, worst case, or average case? (TCPA

2002-07-01 Thread Joseph Ashwood
- Original Message - From: "Ryan Lackey" <[EMAIL PROTECTED]> > I consider DRM systems (even the not-secure, not-mandated versions) > evil due to the high likelyhood they will be used as technical > building blocks upon which to deploy mandated, draconian DRM systems. The same argument ca

Re: Ross's TCPA paper

2002-07-01 Thread jamesd
-- On 1 Jul 2002 at 15:06, Tim May wrote: > I have strong views on all this DRM and TCPA stuff, and > especially on the claim that some form of DRM is needed to > prevent government from taking over control of the "arts." > > But we said everything that needed t

Re: Ross's TCPA paper

2002-07-01 Thread Anonymous
[Repost] Bear writes: > A few years ago merchants were equally adamant and believed > equally in the rightness of maintaining their "right" to not > do business with blacks, chicanos, irish, and women. It'll > pass as people wake up and smell the coffee. Unfortunately > that won't be until aft

Re: maximize best case, worst case, or average case? (TCPA

2002-07-01 Thread Gabriel Rocha
On Mon, Jul 01, at 10:10PM, Anonymous wrote: | Brilliant. Let the market solve the problem. Why bother with the auction | part, then? If the market's going to solve the problem for the 2nd guy | to hold the copy, why not let it solve the problem for the 1st? The fact | is, quot

Re: maximize best case, worst case, or average case? (TCPA

2002-07-01 Thread Anonymous
Robert Hettinga writes: > All they have to do is auction the first copy off for a lot of money, cash, > and let the market take care of the rest. That, by the way, is what people > do now, of course, with advances, record contracts, and so on. Brilliant. Let the market solve the problem. Why b

Re: maximize best case, worst case, or average case? (TCPA

2002-07-01 Thread R. A. Hettinga
At 7:25 PM -0500 on 6/30/02, xganon wrote: > The only evil here is the viewpoint that people must not have choices, > that they must be forced into a Communist from-each-according-to-his- > ability system where creative people have no choice or control over the > products of their minds. All th

Re: Ross's TCPA paper

2002-07-01 Thread Ben Laurie
Barney Wolff wrote: > My use of "anonym" was a joke. Sorry if it was too deadpan. But > my serious point was that if a pseudonym costs nothing to get or > give up, it makes one effectively anonymous, if one so chooses. Well, yeah, I'd say that single-use pseudonyms are, in fact, the definition

Re: maximize best case, worst case, or average case? (TCPA

2002-07-01 Thread xganon
Ryan Lackey provides a detailed analysis, but he gets off to a bad start right at the beginning: > DRM systems embedded in general purpose computers, especially if > mandated, especially if implemented in the most secure practical > manner (running the system in system-high DRM mode and not allow

Anonyms, Pseudonyms, and Fists (was Re: Ross's TCPA paper)

2002-07-01 Thread R. A. Hettinga
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 At 11:37 AM +0100 on 7/1/02, Ben Laurie wrote: > Hmm. So present the appropriate definition? Well, like I said, (and to be completely pedantic about it :-)), it seems to me that logically there's no such thing as an "anonym" even though you could d

Re: Ross's TCPA paper

2002-07-01 Thread Barney Wolff
My use of "anonym" was a joke. Sorry if it was too deadpan. But my serious point was that if a pseudonym costs nothing to get or give up, it makes one effectively anonymous, if one so chooses. On Mon, Jul 01, 2002 at 11:37:28AM +0100, Ben Laurie wrote: > R. A. Hettinga wrote: > > At 12:06 AM +0

Re: Ross's TCPA paper

2002-07-01 Thread R. A. Hettinga
At 11:30 PM -0400 on 6/30/02, Barney Wolff wrote: > anonym n : "Mr. and Mrs. John Smith" when signed in a motel register. No. Pseudonym(s). Subclass "Alias". An anonym (literally, "no name", right?) is not signing the book at all, and, thus, as "nyms" go, can't exist except in your mind. Somew

Re: Ross's TCPA paper

2002-07-01 Thread Ben Laurie
R. A. Hettinga wrote: > At 12:06 AM +0100 on 7/1/02, Ben Laurie wrote: >>No, a pseudonym can be linked to stuff (such as reputation, >>publications, money). An anonym cannot. > > More to the point, there is no such "thing" as an "anonym", by definition. Hmm. So present the appropriate definition

Re: maximize best case, worst case, or average case? (TCPA

2002-07-01 Thread Ryan Lackey
he high likelyhood they will be used as technical building blocks upon which to deploy mandated, draconian DRM systems. DRM systems inevitably slide toward being more mandated, and more draconian. DRM-capable TCPA-type systems are evil by the same argument, even if not used for DRM. The primary re

Re: Ross's TCPA paper

2002-07-01 Thread Barney Wolff
anonym n : "Mr. and Mrs. John Smith" when signed in a motel register. On Sun, Jun 30, 2002 at 09:55:58PM -0400, R. A. Hettinga wrote: > > More to the point, there is no such "thing" as an "anonym", by definition. -- Barney Wolff I never met a computer I didn't like.

Re: Ross's TCPA paper

2002-06-30 Thread R. A. Hettinga
At 12:06 AM +0100 on 7/1/02, Ben Laurie wrote: > No, a pseudonym can be linked to stuff (such as reputation, > publications, money). An anonym cannot. More to the point, there is no such "thing" as an "anonym", by definition. There's no way to link the behavior of one event that an "anonym" ca

Re: Ross's TCPA paper

2002-06-30 Thread Ben Laurie
Barney Wolff wrote: > A pseudonym that I can give up at will and that can never afterwards > be traced to me is equivalent to an anonym. No, a pseudonym can be linked to stuff (such as reputation, publications, money). An anonym cannot. Cheers, Ben. -- http://www.apache-ssl.org/ben.html

Re: maximize best case, worst case, or average case? (TCPA)

2002-06-30 Thread Ryan Lackey
ely both smartcards and dongles are forms of hardware tokens > the issue would be whether a smartcard form factor might be utilized in a > copy protection scheme similar to TCPA paradigm a single hardware chip > that you register for all you applications or in the dongle parad

Re: Ross's TCPA paper

2002-06-30 Thread bear
On Sun, 30 Jun 2002, Barney Wolff wrote: >A pseudonym that I can give up at will and that can never afterwards >be traced to me is equivalent to an anonym. Actually, I don't have a problem with it being traced afterwards, if a crime has been committed and there's a search warrant or equivalent t

Re: Ross's TCPA paper

2002-06-30 Thread Barney Wolff
On Sat, Jun 29, 2002 at 10:03:33PM -0700, bear wrote: > ... > >I won't give up the right NOT to do business with anonymous customers, > >or anyone else with whom I choose not to do business. > > A few years ago merchants were equally adamant and believed > equally in the rightness of maintaining

Re: Ross's TCPA paper

2002-06-30 Thread bear
On Sun, 30 Jun 2002, Barney Wolff wrote: >The trouble I have with this is that I'm not only a consumer, I'm >also a merchant, selling my own professional services. And I just >will not, ever, perform services for an anonymous client. That's >my choice, and the gov't will take it away only when

Re: maximize best case, worst case, or average case? (TCPA)

2002-06-30 Thread lynn . wheeler
"security modules" are also inside the swipe & pin-entry boxes that you see at check-out counters. effectively both smartcards and dongles are forms of hardware tokens the issue would be whether a smartcard form factor might be utilized in a copy protection scheme similar to

Re: maximize best case, worst case, or average case? (TCPA)

2002-06-30 Thread Ryan Lackey
sor) are stored on vendor-controlled hardware centrally located, with only the UI executing on the end user's machine. What I'd really like is a design which accomplishes the "good" parts of TCPA, ensuring that when code claims to be executing in a certain form, it really is, a

TCPA/MS

2002-06-30 Thread Dave Howe
Phil Youngblood posted the following to the securecomp server - thought it might interest people here, given the recent discussion of M$'s DRM stuff... -- This from the Eula for the latest Windows Media Player patch. * Digital Rights Management (Sec

Re: Ross's TCPA paper

2002-06-30 Thread Barney Wolff
A pseudonym that I can give up at will and that can never afterwards be traced to me is equivalent to an anonym. I'm not suggesting that anonymity be outlawed, or that every merchant be required to reject anonymous or pseudonymous customers. All I'm suggesting is that "small" merchants MUST NOT

Re: Ross's TCPA paper

2002-06-29 Thread bear
On Wed, 26 Jun 2002, Barney Wolff wrote: >Do you really mean that if I'm a business, you can force me to deal with >you even though you refuse to supply your real name? Not acceptable. I don't think that privacy (in the sense of having the right to keep private details of your life from being l

maximize best case, worst case, or average case? (TCPA)

2002-06-29 Thread Ryan Lackey
[summary: "TCPA is a tool which even if not necessarily always used for DRM applications, and other far more evil applications, is dangerous enough that it must be killed to prevent the introduction of, and legal mandate for, these DRM and other more evil applications. People should be pre

Re: Ross's TCPA paper

2002-06-29 Thread Ross Anderson
Yes, this is a debate I've had with the medical privacy7 guys, some of whom like the idea of using Palladium to protect medical records. This is a subject on which I've a lot of experience (see my web page), and I don't think that Palladium will help. Privacy abuses almost always involve abuse of

Re: Ross's TCPA paper

2002-06-29 Thread bear
On Mon, 24 Jun 2002, Anonymous wrote: >The important thing to note is this: you are no worse off than today! >You are already in the second state today: you run untrusted, and none >of the content companies will let you download their data. But boolegs >are widely available. The problem is that

RE: Ross's TCPA paper

2002-06-27 Thread Mike Rosing
er, enabling platform security, as much as might be stressed > otherwise by the stakeholders, has never been the motive behind the > TCPA. The motive has been DRM. Does this mean that one should ignore the > benefits that TCPA might bring? Of course not. But it does mean that one > sho

Re: Ross's TCPA paper

2002-06-27 Thread Ken Brown
Pete Chown wrote: > BTW, I have been thinking for a while about putting together a UK > competition complaint about DVD region coding. No promises that > anything will happen quickly. On the other hand, if people offer help > (or just tell me that they think it is a worthwhile thing to do) it w

Re: Two additional TCPA/Palladium plays

2002-06-27 Thread Harmon Seaver
On Wed, Jun 26, 2002 at 09:10:25PM -0700, Lucky Green wrote: > Below are two more additional TCPA plays that I am in a position to > mention: > > 1) Permanently lock out competitors from your file formats. > > >From Steven Levy's article: > "A more interes

Re: Ross's TCPA paper

2002-06-27 Thread Marcel Popescu
From: <[EMAIL PROTECTED]> > As a side note, it seems that a corporation would actually have to > demonstrate that I had seen and agreed to the thing and clicked > acceptance. Prior to that point, I could reverse engineer, since > there is no statement that I cannot reverse engineer agreed to. S

Two additional TCPA/Palladium plays

2002-06-27 Thread Lucky Green
[Minor plug: I am scheduled to give a talk on TCPA at this year's DEF CON security conference. I promise it will be an interesting talk. http://www.defcon.org ] Below are two more additional TCPA plays that I am in a position to mention: 1) Permanently lock out competitors from your

Re: Ross's TCPA paper

2002-06-27 Thread David Wagner
Mike Rosing wrote: >As long as MS Office isn't mandated by law, who cares? It's not clear that enabling anti-competitive behavior is good for society. After all, there's a reason we have anti-trust law. Ross Anderson's point -- and it seems to me it's one worth considering -- is that, if there

RE: Ross's TCPA paper

2002-06-27 Thread Lucky Green
placed you NIC with the rarer, but not unheard of, variant that ships out the contents of your operating RAM via DMA and IP padding outside the abilities of your OS to detect. However, enabling platform security, as much as might be stressed otherwise by the stakeholders, has never been the motive

RE: DRMs vs internet privacy (Re: Ross's TCPA paper)

2002-06-27 Thread Lucky Green
eployment) copy-mark > (fingerprint) systems, there are a number of approaches which > have been suggested, or could be used to have viewing privacy. The TCPA specs were carefully designed to permit the user to obtain multiple certificates from multiple CA's and thus, if, and that's

Re: Ross's TCPA paper

2002-06-27 Thread Mike Rosing
hased Microsoft Office for $500.) > Now notice that the same idea can be used to inhibit competition in > just about any computer market, and I hope you appreciate Ross's point. > TCPA/DRM has the potential for anti-competitive effects, and the result > may well be worse off than we are today.

Re: Ross's TCPA paper

2002-06-26 Thread David Wagner
Scott Guthery wrote: >Perhaps somebody can describe >a non-DRM privacy management system. Uhh, anonymous remailers? I never disclose my identity, hence there is no need for parties I don't trust to "manage" it. Come on, folks. This ought to be cypherpunks 101. DRM might be one way to achieve

Re: Ross's TCPA paper

2002-06-26 Thread bear
On Wed, 26 Jun 2002, Barney Wolff wrote: >Do you really mean that if I'm a business, you can force me to deal with >you even though you refuse to supply your real name? Not acceptable. >I won't give up the right NOT to do business with anonymous customers, >or anyone else with whom I choose not

DRMs vs internet privacy (Re: Ross's TCPA paper)

2002-06-26 Thread Adam Back
On Wed, Jun 26, 2002 at 03:57:15PM -0400, C Wegrzyn wrote: > If a DRM system is based on X.509, according to Brand I thought you could > get anonymity in the transaction. Wouldn't this accomplish the same thing? I don't mean that you would necessarily have to correlate your viewing habits with yo

Re: Ross's TCPA paper

2002-06-26 Thread David Wagner
oft.com won't give you the key unless you've bought a "secure" "trusted" OS and purchased Microsoft Office for $500.) Now notice that the same idea can be used to inhibit competition in just about any computer market, and I hope you appreciate Ross's point. TCPA/DRM has the potential for anti-competitive effects, and the result may well be worse off than we are today.

Re: Ross's TCPA paper

2002-06-26 Thread Sunder
On Wed, 26 Jun 2002, Barney Wolff wrote: > Do you really mean that if I'm a business, you can force me to deal with > you even though you refuse to supply your real name? When was the last time you had to give your name when you bought a newspaper, CD or a DVD in a non-online/non-mail order st

Re: TCPA / Palladium FAQ (was: Re: Ross's TCPA paper)

2002-06-26 Thread Ed Gerck
: > http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html > > Ross > > - > The Cryptography Mailing List > Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

TCPA / Palladium FAQ (was: Re: Ross's TCPA paper)

2002-06-26 Thread Ross Anderson
http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html Ross

Re: Ross's TCPA paper

2002-06-26 Thread pasward
; : Anonymous wrote: > : > : > Furthermore, inherent to the TCPA concept is that the chip can in > : > effect be turned off. No one proposes to forbid you from booting a > : > non-compliant OS or including non-compliant drivers. > : > : Good point. At least I hope they do

Re: Ross's TCPA paper - DRM and privacy

2002-06-26 Thread C Wegrzyn
t; <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] X-Orig-To: "bear" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Wednesday, June 26, 2002 3:37 PM Subject: Re: Ross's TCPA paper > On Wed, Jun 26, 2002 at 10:01:00AM -0700, bear wrote: >

Re: Ross's TCPA paper

2002-06-26 Thread C Wegrzyn
ar" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Wednesday, June 26, 2002 3:37 PM Subject: Re: Ross's TCPA paper > On Wed, Jun 26, 2002 at 10:01:00AM -0700, bear wrote: > > As I see it, we can get either privacy or DRM, > > but t

Re: Ross's TCPA paper

2002-06-26 Thread Barney Wolff
Do you really mean that if I'm a business, you can force me to deal with you even though you refuse to supply your real name? Not acceptable. I won't give up the right NOT to do business with anonymous customers, or anyone else with whom I choose not to do business. The point about DRM, if I und

Re: Ross's TCPA paper

2002-06-26 Thread RL 'Bob' Morgan
On Tue, 25 Jun 2002, Dan Geer wrote: > the problem statements for "privacy" and for "digital rights management" > were identical Hmm, so: privacy : DRM :: wiretapping : fair use - RL "Bob"

Re: Ross's TCPA paper

2002-06-26 Thread Adam Back
On Wed, Jun 26, 2002 at 10:01:00AM -0700, bear wrote: > As I see it, we can get either privacy or DRM, > but there is no way on Earth to get both. > [...] Hear, hear! First post on this long thread that got it right. Not sure what the rest of the usually clueful posters were thinking! DRM syst

Re: Ross's TCPA paper

2002-06-26 Thread Jon Callas
On 6/25/02 4:15 AM, "Dan Geer" <[EMAIL PROTECTED]> wrote: > Over the last six months, I'd discovered that Carl Ellison (Intel), > Joan Feigenbaum (Yale) and I agreed on at least one thing: that the > problem statements for "privacy" and for "digital rights management" > were identical, viz., "con

RE: Ross's TCPA paper

2002-06-26 Thread Scott Guthery
[EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: 6/25/02 11:56 AM Subject: Re: Ross's TCPA paper I don't believe that the choice is both privacy and TCPA, or neither. Essentially all privacy violations are abuses of authorised access by insiders. Your employer's medic

RE: Ross's TCPA paper

2002-06-26 Thread bear
On Wed, 26 Jun 2002, Scott Guthery wrote: >Privacy abuse is first and foremost the failure >of a digital rights management system. A broken >safe is not evidence that banks shouldn't use >safes. It is only an argument that they shouldn't >use the safe than was broken. > >I'm hard pressed to ima

Re: Ross's TCPA paper

2002-06-26 Thread Pete Chown
Peter D. Junger wrote: > That isn't the reason why a click-through agreement isn't > enforceable---the agreement could, were it enforceable, validlly > forbid reverse engineering for any reason and that clause would > in most cases be upheld. Not in Europe though. EU directive 91/250/EEC "on t

Re: Ross's TCPA paper

2002-06-25 Thread Peter D. Junger
Sandy Harris writes: : "Peter D. Junger" wrote: : : > : > There is not even social opprobrium; look at how eager : > : > everyone was to look the other way on the question of whether the DeCSS : > : > reverse engineering violated the click-through agreement. : > : : > : Perhaps it did, but the l

Re: Ross's TCPA paper

2002-06-25 Thread Ross Anderson
I don't believe that the choice is both privacy and TCPA, or neither. Essentially all privacy violations are abuses of authorised access by insiders. Your employer's medical insurance scheme insists on a waiver allowing them access to your records, which they then use for promotion

Re: Ross's TCPA paper

2002-06-25 Thread Sandy Harris
"Peter D. Junger" wrote: > : > There is not even social opprobrium; look at how eager > : > everyone was to look the other way on the question of whether the DeCSS > : > reverse engineering violated the click-through agreement. > : > : Perhaps it did, but the licence agreement was unenforceable.

Re: Ross's TCPA paper

2002-06-25 Thread Ken Brown
Pete Chown wrote: [...] > This doesn't help with your other point, though; people wouldn't be able > to modify the code and have a useful end product. I wonder if it could > be argued that your private key is part of the source code? Am I expected to distribute my password with my code?

Re: Ross's TCPA paper

2002-06-25 Thread Peter D. Junger
Pete Chown writes: : Anonymous wrote: : : > Furthermore, inherent to the TCPA concept is that the chip can in : > effect be turned off. No one proposes to forbid you from booting a : > non-compliant OS or including non-compliant drivers. : : Good point. At least I hope t

Re: Ross's TCPA paper

2002-06-25 Thread Morlock Elloi
> Speaking personally, if asked "DRM & privacy, both or neither?" > then I will take "both" -- YMMV. This bullshit is getting deeper and thicker. (dis)ability to replay received information at will has next to nothing to do with ability to stop unwanted parties from obtaining secret information

Re: Ross's TCPA paper

2002-06-25 Thread Dan Geer
Over the last six months, I'd discovered that Carl Ellison (Intel), Joan Feigenbaum (Yale) and I agreed on at least one thing: that the problem statements for "privacy" and for "digital rights management" were identical, viz., "controlled release of information is yours at a distance in space or t

RE: Ross's TCPA paper

2002-06-24 Thread Lucky Green
Pete Chown wrote quoting Ross: > > You need a valid signature on the binary, plus a cert to > use the TCPA > > PKI. That will cost you money (if not at first, then eventually). > > I think it would be a breach of the GPL to stop people > redistributing the signature:

Re: Ross's TCPA paper

2002-06-24 Thread Pete Chown
Anonymous wrote: > Furthermore, inherent to the TCPA concept is that the chip can in > effect be turned off. No one proposes to forbid you from booting a > non-compliant OS or including non-compliant drivers. Good point. At least I hope they don't. :-) > There is not even

Re: Ross's TCPA paper

2002-06-24 Thread Mike Rosing
t. Therefore the Hollings bill would not increase the > effectiveness of the TCPA model. And it follows, then, that Lucky and > Ross are wrong to claim that this bill is intended to legislate use of > the TCPA. The TCPA does not require legislation. Exactly. Let the market decide. This i

Re: Ross's TCPA paper

2002-06-24 Thread Nomen Nescio
Ross Anderson writes: > During my investigations into TCPA, I learned that HP has started a > development program to produce a TCPA-compliant version of GNU/linux. > I couldn't figure out how they planned to make money out of this. On > Thursday, at the Open Source Software Eco

Ross TCPA paper

2002-06-24 Thread Larry J. Blunk
For those who question the use of the TCPA spec as part of a DRM system, I refer you to the following article where the author interviewed Jim Ward of IBM (one of the authors of the TCPA spec) -- http://www.101com.com/solutions/security/article.asp?ArticleID=3266 In particular, note the

Re: Ross's TCPA paper

2002-06-24 Thread Anonymous
es who can only sit slack-jawed as they force-feed us whatever content they desire, charging whatever they wish. The recent outcry over TCPA falls into this category. Cypherpunks alternate between smug assertions of the first claim and panicked wailing about the second. The important point abou

Re: Ross's TCPA paper

2002-06-24 Thread Pete Chown
to become more closed at the same time as everyone else is becoming more open. That strategy is the Xbox, which may over time evolve into the kind of tamper resistant system that we have been talking about. > During my investigations into TCPA, I learned that HP has started a > development p

<    1   2   3   4   >