That is certainly a good point but don't confuse the "nexus" with NCAs (agents). I think the nexus just provides services to the NCAs which actually do the work. Think of it as a core library that services can draw on. So having to trust the nexus, is rather like trusting kernel32.dll or some other core components. Choosing to trust/run NCA sounds pretty grainular, so you can trust your validated P2P stack from your favorite independent developer and ignore (if you can) the restrictive DRM solutions that are offered. Problems certainly remain though: In the validated P2P scenario, an Adversary with enough influence to have Intel/AMD/... hand out a signed internal key can circumvent any such "protections". Thoughts? AdamL On Sat, 2003-06-14 at 11:50, David Wagner wrote:
Adam Lydick wrote:
The faq (see attached) claims that "anyone can write a nexus" and that "users control which nexus(s) run".
I certainly didn't see anything that suggests that anyone can force you to run arbitrary code, regardless of who has signed it.
"Force", maybe not. No one can "force" me to turn my machine on, for instance. But take a look at one line you quoted from the FAQ:
"Only one nexus at a time will be able to run on a machine."
That looks to me like an important sentence. -- Adam Lydick <adam.lydick@verizon.net>