MobileRead Forums - View Single Post

moz · 03-25-2008, 08:07 PM

PKI does not work as DRM - it's useful for transmitting a copy of the book only to one particular user, but once the user has it they decrypt the book and have a completely free copy. There's nothing to stop them sending that decrypted copy to whoever they like.

DRM works the other way round - transmit the copy to everyone but only the permitted users can view it. That requires a locked viewer so that it will only display content licensed to it in some way, but it generally will not provide a copyable output (that defeats the whole point). If you "hide" the user's private key in the viewer and only allow viewing you have the CSS bug - all it takes is one person to find that key and it's game over. There are newer systems that try to work around that by updating the keys every time they're used. Similar problem, as I'm sure many of you know.

This is complicated by the number of legal systems, not all of which allow the restrictions that copyright owners would like and many of which make it legal to distribute equipment that removes illegal restrictions. The US, in contrast, makes it illegal to distribute that equipment even when it's designed to only allow the removal of illegal measures. Which is kind of odd, but there you have it.

03-25-2008, 08:07 PM	#21
moz Addict Posts: 370 Karma: 1553 Join Date: Feb 2008 Location: Melbun Device: Kobo H2O	PKI does not work as DRM - it's useful for transmitting a copy of the book only to one particular user, but once the user has it they decrypt the book and have a completely free copy. There's nothing to stop them sending that decrypted copy to whoever they like. DRM works the other way round - transmit the copy to everyone but only the permitted users can view it. That requires a locked viewer so that it will only display content licensed to it in some way, but it generally will not provide a copyable output (that defeats the whole point). If you "hide" the user's private key in the viewer and only allow viewing you have the CSS bug - all it takes is one person to find that key and it's game over. There are newer systems that try to work around that by updating the keys every time they're used. Similar problem, as I'm sure many of you know. This is complicated by the number of legal systems, not all of which allow the restrictions that copyright owners would like and many of which make it legal to distribute equipment that removes illegal restrictions. The US, in contrast, makes it illegal to distribute that equipment even when it's designed to only allow the removal of illegal measures. Which is kind of odd, but there you have it.