[advocacy] Re: 1.0 Release? / CHIP 01/2002

Moritz Grimm gtgbr
Wed Dec 12 13:06:08 PST 2001 


> > > licence in place. Digital signing would offer a mechanism to make
> > > sure the right person got the commercial fees.

> > I'd appreciate something like that. But I also have some questions:
> >
> > 1. What if I lose my key, maybe due to some hardware failure? Can I
> > still prove that something is mine?
> > 2. Will it be easy to remove a signature? Imagine someone removing a
> > sig, setting the date of his computer back to something else, and then
> > resigning the tune. This person should not be able to make my tune his
> > or hers that way.
> > 3. Copyprotection in software is a laughable challenge to intelligent
> > black-hats. The digital signature should be designed in a way that even
> > black-hat ethics would be against writing tools to remove them. Is that
> > possible or plainly naive?
> > 4. Do we have the people that figure out whether such a signature would
> > be watertight in court, at least in Europe and the US?

> The only way this can reliably work is by having a trusted third party
> store the signature.  Doing any signing in an encoder running on your
> computer can maybe prove that it's yours (still breakable) but not the
> time of it's creation.  You must involve a remote computer whose clock is
> trusted.  One way, surely feasible, is to send him the file (or its
> fingerprint) and have it store and/or confirm (with its signature) the
> fact that you had this file at a given time.

Yes ... but then, this service should / would have to be free and having
a high survivability. It wouldn't be of much use if they go bankrupt
after 1-3 years. We'd need a university or so, as a CA or whatever
that's called. Anyone in here who could pull some strings...? :P

What other solutions could there be? A bold question, but could this
done by someone in the Ogg community using Xiph ressources?

Moritz


--
_______________________________________________________________________
"They who would give up an essential liberty for temporary security,
deserve   neither   liberty   or   security"  -  Benjamin   Franklin

--- >8 ----
List archives:  http://www.xiph.org/archives/
To unsubscribe from this list, send a message to 'advocacy-request at xiph.org'
containing only the word 'unsubscribe' in the body.  No subject is needed.
Unsubscribe messages sent to the list will be ignored/filtered.

More information about the Advocacy mailing list