[33] in WWW Security List Archive
Copyright (was GSS API)
daemon@ATHENA.MIT.EDU (Christian L. Mogensen)
Tue Aug 16 20:06:51 1994
From: "Christian L. Mogensen" <mogens@CS.Stanford.EDU>
To: rmasse@cnri.reston.va.us (Roger Masse's the named)
Date: Tue, 16 Aug 1994 13:22:38 -0700 (PDT)
In-Reply-To: <9408161531.aa14041@CNRI.Reston.VA.US> from "Roger Masse's the named" at Aug 16, 94 03:31:40 pm
Roger Masse's the named writes:
[chomp]
> I assume the server sends an encrypted copy of the requested
> document to the client to avoid unauthorized access to the
> document via a sniffing attack?
Not necessarily - encryption and signing documents are on orthogonal
axes - payment methods are orthogonal to these (i.e.: on the Z axis)
> I like this approach, simple separation of tasks. However isn't
> this only solving the easy problem? The tip of the Iceburg?
Iceburg - a small town in VA? :-)
[snip - ease of bitcopy versus difficulty of paper copying]
> The $100,000 dollar question...
> What do we build that would have sufficient security to convince
> the majority of potential service providers that we have made
> it sufficiently difficult for someone with copyright infringement
> intent, who has (as per Jeff's algorithm) bought-and-paid-for
> a legitimate electronic copy, from distributing illegal copies?
A different problem entirely, one which currently has no technical
solution. Look at the (extreme) example of Gibson's poem - an
encrypted file that destroyed itself after being read - it took a
few weeks before the text was on the net.

A better solution (IMHO) here is for traditional contracts specifying
what you can and cannot do with a text, much the same way a book does
now: may not be stored in a retrieval system.

For another approach, read this month's Wired magazine for the story
on Super-Distribution - which embraces the ease of bit-copying as
the foundation of a new system - charge per use, rather than per copy.
Christian "Is this topic-drift or what?"