Comment Re:Hands in the ears? (Score 1) 1399
The open source community at large needs to take off the tinfoil hats and start doing some real development on these platforms.
This is simply not possible. DRM is fundamentally about shared -- but hidden -- encryption keys. DRM software cannot be Open Source because then you'd be able to see the keys or extract them from the datastream. The only way for DRM to "work" is to have a complete chain of hardware and software for which users have no control over. For example: hardware which will only operate and exchange DRM keys with cryptographically signed software. That software cannot be Open Source and it cannot run on an Open Source operating system kernel. (otherwise, you could just probe memory and find the secret key) There is no middle ground here. It's physically impossible to implement DRM in Open Source software.
Having that said, some technologies, such as TCPA, are indeed dual purpose. Let me give you an example. If the user -- rather than the hw/sw vendor -- controls the encryption keys, he/she can password protect his/her data or cause the hardware to run only binaries that he/she has signed. This is not DRM; it's just a form of hardware-based data security. Of course, TCPA can also be used for evil -- when vendors have their own keys hardwired into the chips and the user cannot access them. This use of TCPA allows for all the bad stuff: hardware that will only run a certain vendor's OS, media that will only play on certain "trusted" hardware and software, etc.
This is simply not possible. DRM is fundamentally about shared -- but hidden -- encryption keys. DRM software cannot be Open Source because then you'd be able to see the keys or extract them from the datastream. The only way for DRM to "work" is to have a complete chain of hardware and software for which users have no control over. For example: hardware which will only operate and exchange DRM keys with cryptographically signed software. That software cannot be Open Source and it cannot run on an Open Source operating system kernel. (otherwise, you could just probe memory and find the secret key) There is no middle ground here. It's physically impossible to implement DRM in Open Source software.
Having that said, some technologies, such as TCPA, are indeed dual purpose. Let me give you an example. If the user -- rather than the hw/sw vendor -- controls the encryption keys, he/she can password protect his/her data or cause the hardware to run only binaries that he/she has signed. This is not DRM; it's just a form of hardware-based data security. Of course, TCPA can also be used for evil -- when vendors have their own keys hardwired into the chips and the user cannot access them. This use of TCPA allows for all the bad stuff: hardware that will only run a certain vendor's OS, media that will only play on certain "trusted" hardware and software, etc.
