[advocacy] Re: 1.0 Release? / CHIP 01/2002

Moritz Grimm gtgbr at gmx.net
Wed Dec 12 09:20:29 PST 2001



Daniel James wrote:
> I still think we need to nail down the 'security' question. Could
> there be an Ogg encoder with GnuPG support to vorbize and sign files
> in one operation? Then we could pose the question to musicians 'does
> the 'secure' format you are using allow you to personally sign your
> internet releases, or does it just stop people from listening to it?'
> 
> Let's assume there's a free for personal use/fee for commercial use
> licence in place. Digital signing would offer a mechanism to make
> sure the right person got the commercial fees.
> 
> Take the case of Moby. One of his tunes, or something that sounded
> just like it, got used in a car advert without permission and he sued
> (and won). A signed file could help prove that a track was released
> before a certain date (and by whom), even if it was never issued on
> CD.

I'd appreciate something like that. But I also have some questions:

1. What if I lose my key, maybe due to some hardware failure? Can I
still prove that something is mine?
2. Will it be easy to remove a signature? Imagine someone removing a
sig, setting the date of his computer back to something else, and then
resigning the tune. This person should not be able to make my tune his
or hers that way.
3. Copyprotection in software is a laughable challenge to intelligent
black-hats. The digital signature should be designed in a way that even
black-hat ethics would be against writing tools to remove them. Is that
possible or plainly naive?
4. Do we have the people that figure out whether such a signature would
be watertight in court, at least in Europe and the US?

> > One last thing about group-3-compliant guides to Ogg, I will look a
> > little into this ... maybe I get a nice idea and make a German and
> > an English version.
> 
> I suggest working with MandrakeSoft. They support .ogg (mentioned
> alongside mp3 in the splash screens of their Linux installer, by the
> way) and do some excellent step-by-step graphical tutorials for
> beginners.

Huh, well, I rather thought about starting out with a website or so
where people from everywhere can be directed to, with nice screenshots
and simple explanations in bold, easy to read letters. :)

Unfortunately, I'm pretty short on time these days and even more around
christmas. It would be premature of me to say that I could start a big
Ogg for Dummies documentation project right now. But I do promise to
look into it as soon as possible.

Moritz


-- 
_______________________________________________________________________
"They who would give up an essential liberty for temporary security,
deserve   neither   liberty   or   security"  -  Benjamin   Franklin

--- >8 ----
List archives:  http://www.xiph.org/archives/
To unsubscribe from this list, send a message to 'advocacy-request at xiph.org'
containing only the word 'unsubscribe' in the body.  No subject is needed.
Unsubscribe messages sent to the list will be ignored/filtered.




More information about the Advocacy mailing list