Quote:
Originally Posted by Steve Jordan
Jon, just for the record, how would you feel if DRM was based on a single number, like your SSN, say, that you entered into any and every device you owned, guaranteeing you could read your content on anything you owned and could transfer them around?
They should use asymmetric encryption (Public/Private key) like PGP.
YOU generate your key pair... you upload your public key to a key server. You put your private key on any device that needs to decrypt stuff.
When you buy a book it is decrypted using your public key found on the key server based on your name/email address. All book stores should maintain a history of what you bought so if you need to revoke a key (cause you lost the private key or it was compromised) you can redownload it re-encrypted with your new public key.
This is also similar to how client side certificates work. However, with client side certs a third party creates and signs the certs.
The problem with PublicKey/PrivateKey is that you are in charge of the private key. If YOU want to keep the encrypted stuff safe then you keep the private key safe. But, if you don't care, then you can just share your private key.
Of course, a file encrypted with a public key is tied to that key. So, you can always see what public key it was encrypted with and look it up on the key server to see who it belonged to. If the private key for that signature was being shared the key generator could be "dealt" with.
BOb