
Re: [Linux-aus] Microsoft Office 2003 lock-in via DRM



 ...

 discussion about Microsoft Office 2003 and DRM preceded...


On Wed, Sep 03, 2003 at 01:09:22PM +1000, Les Bell wrote:
> 
> Jeff Waugh <jdub@perkypants.org> wrote:
> 
> >>
> Oh, but dude, that is security! Haven't you heard about security? :-)
> <<
> 
> I've just been having some discussions about this very topic in Another
> Place. The general opinion seems to be that it's not possible to implement
> an open source DRM system; someone quoted me Bruce Schneier: "Any system
> where the device and the secrets within the device are under the control of
> different people has a fundamental security flaw." and I tend to believe
> that what Bruce Schneier says is true.
> 
> However, a part of me tends to believe that there has to be a way around
> this. And since it's certainly possible to provide *security* in an
> open-source system, there's a nasty asymmetry here, imho.
> 
> Finally, do I really want my data to be held in a device that is under the
> control of a software vendor with an alarming track record on both security
> and privacy? As Jonathon Oxer said, the OASIS formats have to be the way to
> go, and since Office 2003 is likely to force upgrades on others for
> compatibility, this makes the OASIS formats even more attractive.

(sorry... delayed response; been away at AUUG 2003. Trying to catch up
with this thread.)

- - - 

There is a decent opportunity here. To point out just two weaknesses
(fears?) with this Microsoft system:

 1) Microsoft-centric security. Last time this was attempted was 
    Passport, and an open consortium responded with an alternative which 
    became more popular. Passport was de-emphasised by Microsoft as a 
    result.

 2) Microsoft controls the keys. Many large organisations have shown
    themselves to be increasingly wary of this kind of infrastructure.

As this technology requirement is new, and Microsoft themselves will need
to sell it into its own existing (and inertia-bound) client-base, there
is an opportunity to quickly respond with an alternative infrastructure.
GPG (or whatever) embedded in OpenOffice.org/OASIS may be that viable
alternative.  What's needed is a speedy response and a viable vision of any
such alternative.

I have cc: in a couple of people from OOo who may be interested in the
conversation, as well as Justin Clift who has contacts in that
organisation and may know the best target for this information/proposal.

con
-- 
_____________________________________________________________________________
Con Zymaris <conz@cyber.com.au> Level 4, 10 Queen St, Melbourne 03 9621 2377 
Cybersource: Unix/Linux, TCP/IP and Web App. Development  www.cyber.com.au