[advocacy] Re: 1.0 Release? / CHIP 01/2002

Moritz Grimm gtgbr
Wed Dec 12 13:06:08 PST 2001

> > > licence in place. Digital signing would offer a mechanism to make
> > > sure the right person got the commercial fees.

> > I'd appreciate something like that. But I also have some questions:
> >
> > 1. What if I lose my key, maybe due to some hardware failure? Can I
> > still prove that something is mine?
> > 2. Will it be easy to remove a signature? Imagine someone removing a
> > sig, setting the date of his computer back to something else, and then
> > resigning the tune. This person should not be able to make my tune his
> > or hers that way.
> > 3. Copyprotection in software is a laughable challenge to intelligent
> > black-hats. The digital signature should be designed in a way that even
> > black-hat ethics would be against writing tools to remove them. Is that
> > possible or plainly naive?
> > 4. Do we have the people that figure out whether such a signature would
> > be watertight in court, at least in Europe and the US?

> The only way this can reliably work is by having a trusted third party
> store the signature.  Doing any signing in an encoder running on your
> computer can maybe prove that it's yours (still breakable) but not the
> time of it's creation.  You must involve a remote computer whose clock is
> trusted.  One way, surely feasible, is to send him the file (or its
> fingerprint) and have it store and/or confirm (with its signature) the
> fact that you had this file at a given time.

Yes ... but then, this service should / would have to be free and having
a high survivability. It wouldn't be of much use if they go bankrupt
after 1-3 years. We'd need a university or so, as a CA or whatever
that's called. Anyone in here who could pull some strings...? :P

What other solutions could there be? A bold question, but could this
done by someone in the Ogg community using Xiph ressources?


"They who would give up an essential liberty for temporary security,
deserve   neither   liberty   or   security"  -  Benjamin   Franklin

--- >8 ----
List archives:  http://www.xiph.org/archives/
To unsubscribe from this list, send a message to 'advocacy-request at xiph.org'
containing only the word 'unsubscribe' in the body.  No subject is needed.
Unsubscribe messages sent to the list will be ignored/filtered.

More information about the Advocacy mailing list