An attack on paypal --> secure UI for browsers

John Kelsey kelsey.j at ix.netcom.com
Sun Jun 15 08:23:27 PDT 2003 

At 04:29 PM 6/14/03 -0400, Sunder wrote:
...
>If the day comes where MS Office DRM only works with MS Office DRM, how
>many people will switch to it?  If your company is willing to switch to
>it, then they'll give you a PC with it on it.  If they don't, then they
>can't expect you to interact with them via such formats and can't require
>you to do so.

So, have you ever tried doing substantial revisions on a large document 
that's going back and forth between two or more versions of Word?  It's in 
MS' interest to get everyone using the same version, so it's not really in 
their interest to spend great amounts of time debugging their version 
translation functions.  It shows.

If you need to coordinate working on a big Word document with several other 
people (e.g., clients or coworkers who are most comfortable with Word), you 
pretty-much will need to use not just Word, but the same version of 
Word.  That doesn't need any secure hardware to enforce, just buggy 
software.  You can sometimes work around this, but it's a pain to do.

>You sound like someone's holding a gun to your head and requiring you to
>have MS Office.

Well, let's distinguish between:

a.  The sort of network monopoly situation Microsoft is in, where the world 
has more-or-less settled on a bunch of their products, and so they can do a 
lot of irritating things before they actually lose their dominant market 
position.  (Note that this doesn't mean they are unassailable; Word Perfect 
and Lotus -123 were once in similarly dominant positions.)

b.  Eventual laws requiring that every new computer contain a secure 
processing unit to enforce the dictates of the government, the record 
companies, or whomever else on your computers.

I think a lot of the objection to TCPA is the worry that it will be 
mandated eventually, and that it will then be used to cement the network 
monopoly held by MS forever.  And Vinge's description of "ubiquitous 
governance" comes to mind here--whether it's MS or the US federal 
government or the UN or the Catholic Church, if someone can put themselves 
in control of all computer equipment you own in some secure way, they look 
a heck of a lot like the government.

>Either way, you can ask them to export to other document formats which you
>can read.  Even now Office will export to HTML for example which is
>readable by Mozilla and other browsers.

Sure.  Or you can often translate their documents, or open them with 
OpenOffice.  I do this when I just need to read and comment on a Word 
document.  But if you are going to be revising and sending back the 
document a few times, this will not work--you will lose some formatting, 
you will probably introduce weird formatting bugs, you may mess up the file 
format, etc.  It's just not worth the pain.  Though I have a legitimate 
copy of Word on my machine, when given a choice, I always do everything in 
ASCII text until the very end, and then paste the text into Word and do 
formatting last.  But again, this isn't too helpful if it's a document I'm 
working on with someone else.
...
>Either way, how much a revolt do you think there will be if Microsoft
>decides to lock down their tools (such as word) to the point where they
>can no longer export to HTML, plain text, RTF should the author wish
>it to do so and provides whatever passphrases or ID's needed to unlock
>the document and export it out?

>Who would buy such a dog of a product?  Do you think businesses are so
>stupid that they'd put up with a product that jails them in?  Get real
>son, you're howling at the moon!

Mainframe customers used to put up with this kind of treatment routinely, 
so it's not impossible.  Whether it will fly these days is an interesting 
question, but I don't think the answer is obvious.  Someone might ask the 
same rhetorical question about whether customers would sit still for buggy, 
insecure software.  But nobody would ask that question these days, as the 
answer is so painfully obvious.
...

--John Kelsey, kelsey.j at ix.netcom.com
PGP: FA48 3237 9AD5 30AC EEDD  BBC8 2A80 6948 4CAA F259

More information about the cypherpunks-legacy mailing list