Seth on TCPA at Defcon/Usenix

Mike Rosing eresrch at eskimo.com
Mon Aug 12 20:38:01 PDT 2002


On Mon, 12 Aug 2002, AARG! Anonymous wrote:

> It is clear that software hacking is far from "almost trivial" and you
> can't assume that every software-security feature can and will be broken.

Anyone doing "security" had better assume software can and will be
broken.  That's where you *start*.

> Furthermore, even when there is a break, it won't be available to
> everyone.  Ordinary people aren't clued in to the hacker community
> and don't download all the latest patches and hacks to disable
> security features in their software.  Likewise for business customers.
> In practice, if Microsoft wanted to implement a global, fascist DRL,
> while some people might be able to patch around it, probably 95%+ of
> ordinary users would be stuck with it.

Yes, this is the problem with security today.  That's why lots of people
are advocating that the OS should be built from the ground up with
security as the prime goal rather than ad hoc addons as it is now.
Nobody wants to pay for it tho :-)

> In short, while TCPA could increase the effectiveness of global DRLs,
> they wouldn't be *that* much more effective.  Most users will neither
> hack their software nor their hardware, so the hardware doesn't make
> any difference for them.  Hackers will be able to liberate documents
> completely from DRL controls, whether they use hardware or software
> to do it.  The only difference is that there will be fewer hackers,
> if hardware is used, because it is more difficult.  Depending on the
> rate at which important documents go on DRLs, that may not make any
> difference at all.

So what's the point of TCPA if a few hackers can steal the most
expensive data?  Are you now admitting TCPA is broken?  You've got
me very confused now!

I'm actually really confused about the whole DRM business anyway.  It
seems to me that any data available to human perceptions can be
duplicated.  Period.  The idea of DRM (as I understand it) is that you can
hand out data to people you don't trust, and they can't copy it.  To me,
DRM seems fundamentally impossible.

Patience, persistence, truth,
Dr. mike





More information about the cypherpunks-legacy mailing list