Ross Anderson wrote:
... that means making sure the PC is the hub of the future home network; and if entertainment's the killer app, and DRM is the key technology for entertainment, then the PC must do DRM.
Recently there have been a number of articles pointing out how much money Microsoft is losing on Xbox sales. To some extent, of course, console makers expect to lose money on the consoles themselves, making it up on the games. However Microsoft seems to be losing more than anyone else. Perhaps Microsoft don't care, because the Xbox is one vision they have of the future. Gradually it starts running more than just games, but you still get the ease of use and security of a console. It's always risky making predictions, but I think that over the next few years, free software will do in the desktop space what has already happened in the server space. There is a kind of economic inevitability about it; competing with a free product of equivalent quality is virtually impossible. Now, Gates isn't stupid, and I'm sure he's aware of this risk. So we have various alternative strategies. One is web services. The other strategy is to become more closed at the same time as everyone else is becoming more open. That strategy is the Xbox, which may over time evolve into the kind of tamper resistant system that we have been talking about.
During my investigations into TCPA, I learned that HP has started a development program to produce a TCPA-compliant version of GNU/linux. I couldn't figure out how they planned to make money out of this.
It might simply be useful that it exists. If people complain that they can't run Linux on the new systems, it could create all sorts of anti-trust problems. However, even if they didn't try to make money out of the product, it still wouldn't be free in the freedom sense. A similar problem to this has already come up, albeit in a much less serious form. When the Mindterm ssh client is used as an applet, it needs to be signed in order to be maximally useful. At one point it was available under the GPL, but of course if you changed it the signature was invalidated. In this case you could at least get your own code signing key, but there were problems. Firstly it cost money. Secondly by signing code that you didn't write, you would be taking responsibility for something being secure when you had no easy way of verifying that.
You need a valid signature on the binary, plus a cert to use the TCPA PKI. That will cost you money (if not at first, then eventually).
I think it would be a breach of the GPL to stop people redistributing the signature: "You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License." This doesn't help with your other point, though; people wouldn't be able to modify the code and have a useful end product. I wonder if it could be argued that your private key is part of the source code?
Anyone will be free to make modifications to the pruned code, but in the absence of a signature the resulting O/S won't enable users to access TCPA features.
What if the DRM system was cracked by means of something that you were allowed to do under the GPL? If they use the DMCA, or the Motherhood and Apple Pie Promotion Act against you, they have to stop distributing Linux. "If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all." BTW, Ross, does Microsoft Research in Cambridge work on this kind of technology? -- Pete --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com