Executing Encrypted Code

Peter Hendrickson ph at netcom.com
Fri Dec 20 15:26:21 PST 1996


At 4:17 PM 12/20/1996, Andrew Loewenstern wrote:
> I think this whole idea of encrypted software and processors is pretty
>poorly
> thought out.

Thank you for this encouraging remark.

> How do you handle an organization with a site license for 20,000 users of a
> piece of software?  Do you issue 20,000 unique copies?

Yes, that would be necessary.  It isn't hard to tell which executable
goes with which processor.  The software vendor could give away a database
to do it.  Or, the software vendor could put all the executables up on
a web site.  What's the big deal?

> Do you really think the lower price of the software is going to offset
> the cost of an organization to manage all those processor certificates?

Yes, I do.  (BTW, the software might be sold for the same price, but
be better in other ways.)

> Site licensed software is already about as cheap as the companies are willing
> to sell it.

In the current business environment.  One reason site licenses are sold
to companies is to make piracy less encouraging.  It also solves a difficult
bookkeeping problem: "How many copies are we running?  Are we in compliance
with the law?"  Actually, site licenses don't always solve this problem,
but they sort of do.

We don't really know what pricing and terms would look like in a piracy-free
environment, we can only guess.  My guess is that preventing piracy makes
more software available for better prices.  If metering is feasible, it would
work out very well because customers no longer have to take a chance on
software and can easily explore all of the options they have.

> How about the extra hard drive space you have to purchase because you can't
> just keep one copy on a server anymore?

Let's assume 10MB of executable code per package.  A gigabyte costs about
$200 now.  That comes out to about $2 extra expense per software package.

> Think about what a nightmare it would be to update a piece of software on
> 20,000 machines simultaneously!!  It's hard enough to do it now!!

Whoever is doing the updating just needs to be able to quickly get the
right copy.  That's easy because each software module is self-identifying
as is each processor.  You just need to be able to go out on the Net
to the software vendor or internally and ask some machine for the
particular copy you need.

> What happens if a software company goes out of business?   You are then
> completely screwed when your processor dies or becomes obsolete.

This is true.  Most people make their software buying decision based on
what it can do now and for the next few years.  I believe that is rational.

> Around here we still run a few pieces of ancient hardware that were pretty
> pathetic back in 1988.  The software on them is critical but won't run on
> anything else and there is no source code available.  Believe me, nobody
> here would dare to make that mistake again!!!  At least with our current
> situation if the hardware dies we would probably be able to find a
> replacement (and I'm sure there are some replacements waiting in the stock
> room...).  But with your encrypted processor we couldn't even do that!

Yes, it would definitely be harder to keep a code museum.  People who
plan on doing that are encouraged to choose another platform and software
set.

> It seems to me that this is yet another scheme that basically does nothing
> but seriously inconvenience the software user.  Much like clipper, I believe
> this is a dog that won't hunt!!

I find it interesting that you compare this scheme to Clipper.  Judging
from the tone ("!!!") of your post, there is something about my scheme
which you find upsetting.   People usually don't get annoyed by schemes
which won't work.  (Even dumb unworkable schemes are a breath of fresh
air on this list right now.)

What I think you really don't like about my scheme is that you think it
might work and you fear various mandatory GAP proposals that could follow
its wide acceptance.  I would be interested to hear more about these
concerns.

> Perhaps instead of trying to find a way to force users into paying, software
> companies should concentrate on how offer more value and make their prices
> seem more attractive.

These are not either/or propositions.  If the decrypting processor
increases the revenue of software companies, it means people can make
more money providing better products to their customers.

> Even with piracy, the software industry is far and away the most profitable
> of all!!

There is no such thing as "profitable enough."

Peter Hendrickson
ph at netcom.com








More information about the cypherpunks-legacy mailing list