Windows

  • State-of / Strategy for DRM integrity

    12 answers - 800 bytes

    Can anyone on the list speak to MS's long term strategy, and rough
    timeline, for fixing the current DRM (in light of apparently trivial DRM
    removal tools)? Is there another, better (long term) fix expected, or
    does MS believe the current design would not allow it (Achilles heel
    syndrome)?
    Thanks,
    -Ken
    ps - please, please avoid the temptation to claim it is not broken; if a
    witting end-user can remove all the protections we place on the media,
    then we are not much better off than using password-protected, paid
    downloads. Especially with hi-value media. Point in fact.
    Users Guide
    contains important info. Save time, search the archives at
    .
    To unsubscribe, mailto:WMTalk-signoff-request (AT) DISCUSSMS (DOT) HSTING.LSFT.CM
  • No.1 | | 557 bytes | |

    > ps - please, please avoid the temptation to claim it is not broken; if a
    > witting end-user can remove all the protections we place on the media, then
    > we are not much better off than using password-protected, paid downloads.
    > Especially with hi-value media. Point in fact.

    You will never, ever, be able to eliminate piracy of audio, video, or
    documentation.

  • No.2 | | 1849 bytes | |

    The reality is if you don't have a license key you can't remove the DRM.
    The encryption itself is strong.

    However the weakness of this style of DRM is that in order for a user to
    playback content offline their system must maintain a decryption key to
    decode the DRM. Now the keys themselves are encrypted inside the key
    store, but the flaw in this is that code that decrypts the key store can be
    debugged and reverse engineered without too much trouble just by watching
    WMP. Even the changes made for a secure media path in Vista using Media
    Foundation can't solve the problem that at some point the decryption key
    will be present on the user's system.

    So I don't see how it can ever be permanently fixed.

    Just my 2 cents.
    -Chris

    On 10/18/06, Ken <wm-user (AT) kensystem (DOT) com> wrote:

    > Can anyone on the list speak to MS's long term strategy, and rough
    > timeline, for fixing the current DRM (in light of apparently trivial DRM
    > removal tools)? Is there another, better (long term) fix expected, or
    > does MS believe the current design would not allow it (Achilles heel
    > syndrome)?
    >
    > Thanks,
    > -Ken
    >
    > ps - please, please avoid the temptation to claim it is not broken; if a
    > witting end-user can remove all the protections we place on the media,
    > then we are not much better off than using password-protected, paid
    > downloads. Especially with hi-value media. Point in fact.

  • No.3 | | 1222 bytes | |

    telmnstr@RG wrote:
    >> ps - please, please avoid the temptation to claim it is not broken;
    >> if a witting end-user can remove all the protections we place on the
    >> media, then we are not much better off than using password-protected,
    >> paid downloads. Especially with hi-value media. Point in fact.
    >
    > You will never, ever, be able to eliminate piracy of audio, video, or
    > documentation.

    Fundamentally, I agree. Especially in a system where the users can gain
    access to in-memory keys, or access to the unencrypted/un-obfuscated
    output (e.g. analog). Theoretically a fully hardware (in-chip) solution
    can be much, much more formidable, though nothing is impossible (for
    those banking on it). And pointing a video camera at a computer screen
    is a diminished quality capture, anyway.

    Nonetheless, some of us (our customers) do depend on the current DRM to
    offer a "higher" level of protection than mere access control. That is
    why I pose the question.

  • No.4 | | 2026 bytes | |

    Chris Parsons wrote:
    > The reality is if you don't have a license key you can't remove the
    > DRM. The encryption itself is strong.

    Yes, though from a high level author/provider perspective, and even the
    end user's, the license is akin to a per-user, password protected file
    on a website, where you have to pay before getting it. It's a tokenized
    access control. a DRM license requires basically the same
    prerequisites (payment and authorization). With the current DRM, it
    again is a matter of trust once the user has the media if they know-of
    and intend to 'free' it from playsforsure, the license/crypto is moot,
    only their original payment for the license mattered.

    > However the weakness of this style of DRM is that in order for a user
    > to playback content offline their system must maintain a decryption
    > key to decode the DRM. Now the keys themselves are encrypted inside
    > the key store, but the flaw in this is that code that decrypts the key
    > store can be debugged and reverse engineered without too much trouble
    > just by watching WMP. Even the changes made for a secure media path
    > in Vista using Media Foundation can't solve the problem that at some
    > point the decryption key will be present on the user's system.
    >
    > So I don't see how it can ever be permanently fixed.

    Yes, this is the big challenge MS faces and yet in the past they've
    made (if only implied) high assurances of protection, so there's a lot
    of deep thinking by us users.

    I wonder if this spells the end of software based DRM (if MS would
    officially acknowledge its limitations), or if MS believes they can fix
    this, or create yet another (no doubt incompatible) solution (e.g. Intel
    on-chip crypto).

    > Just my 2 cents.
    > -Chris

  • No.5 | | 1579 bytes | |

    On Wed, 2006-10-18 at 11:01 -0400, telmnstr@RG wrote:
    >> ps - please, please avoid the temptation to claim it is not broken; if a
    >> witting end-user can remove all the protections we place on the media, then
    >> we are not much better off than using password-protected, paid downloads.
    >> Especially with hi-value media. Point in fact.
    >
    > You will never, ever, be able to eliminate piracy of audio, video, or
    > documentation.

    And you will never, ever make WMP DRM secure unless some sort of secure
    memory or trusted computing platform is implemented.

    I find the state of PC-based DRM interesting in comparison to
    broadcast-based CA and DRM. In the broadcast world, a little piracy is a
    good thing, since it enables the CA/DRM provider to generate some
    revenue, make new releases, and hit the criminals with the feds. It is
    possible to save face with the customer and the consumer. Maybe it is
    because of the grey area where one still has a chance to disable the
    clueless pirates with some ECMs, who knows. In the PC world, the
    complete opposite is in force - if you slip up once, you are labeled as
    dirt in the press, the pirates sneer, and fixes to eliminate the problem
    go unnoticed by all. , when it is broken, it is truly broken,
    and it is much harder to 'force' PC users to update than a 'dumb' STB.

    Cheers
    Kon

  • No.6 | | 1217 bytes | |

    On Wed, 2006-10-18 at 09:24 -0600, Ken wrote:
    > I wonder if this spells the end of software based DRM (if MS would
    > officially acknowledge its limitations), or if MS believes they can fix
    > this, or create yet another (no doubt incompatible) solution (e.g. Intel
    > on-chip crypto).

    Button chips are a joke. The Digicipher system proved this first hand.
    have tried and also failed. Secure memory and processing such as
    a processor smartcard are the only way to go.

    Of course the ideal situation would be a processor smartcard running on
    a system using secure memory and trusted computing platform, where only
    the trusted platform has access to the smartcard interface, right from
    the BIOS stage upwards. And that would have to be paired with secure
    video path, right to the GPU output.

    All of this assumes that your content is 100% secure, and that someone
    running winice to monitor the loader app won't have any luck finding any
    exploits.

    Paranoia paranoia

    Cheers
    Kon

  • No.7 | | 1399 bytes | |

    > Button chips are a joke. The Digicipher system proved this first hand.
    > have tried and also failed. Secure memory and processing such as
    > a processor smartcard are the only way to go.
    >
    > Of course the ideal situation would be a processor smartcard running on
    > a system using secure memory and trusted computing platform, where only
    > the trusted platform has access to the smartcard interface, right from
    > the BIOS stage upwards. And that would have to be paired with secure
    > video path, right to the GPU output.
    >
    > All of this assumes that your content is 100% secure, and that someone
    > running winice to monitor the loader app won't have any luck finding any
    > exploits.
    >
    > Paranoia paranoia
    >
    > Cheers
    > Kon

    Good points. The entire chain must be protected. Set top boxes are the
    closest we have right now, and PCs are the antithesis. STBs have
    typically been defeated in the past, only because there were publicly
    accessible "service modes", or links between silicon that could be
    eavesdropped-on. black-boxes seem like the only way to go.

    Hmm, makes one wonder if this is the reason MS created Zune, and is not
    making it playsforsure compatible ;-)

  • No.8 | | 1170 bytes | |

    On Wed, 2006-10-18 at 10:26 -0600, Ken wrote:
    > Good points. The entire chain must be protected. Set top boxes are the
    > closest we have right now, and PCs are the antithesis. STBs have
    > typically been defeated in the past, only because there were publicly
    > accessible "service modes", or links between silicon that could be
    > eavesdropped-on. black-boxes seem like the only way to go.

    Black boxes are never the way to go, if by black box you mean
    obfuscation slash 'let's pray no one figures this spaghetti out'. Most
    STBs have in fact not been broken. Their smartcards have been worked
    around but never compromised (well I'm sure some vendors have fared
    worse than others).

    > Hmm, makes one wonder if this is the reason MS created Zune, and is not
    > making it playsforsure compatible ;-)

    Playsforsure was always a joke. Just ask any kid with an MP3 player. I
    usually hear some cusswords inserted in there :)

    Cheers
    Kon

  • No.9 | | 1261 bytes | |

    On 10/18/06, Ken <wm-user (AT) kensystem (DOT) com> wrote:

    > Good points. The entire chain must be protected. Set top boxes are the
    > closest we have right now, and PCs are the antithesis. STBs have
    > typically been defeated in the past, only because there were publicly
    > accessible "service modes", or links between silicon that could be
    > eavesdropped-on. black-boxes seem like the only way to go.
    >
    > Hmm, makes one wonder if this is the reason MS created Zune, and is not
    > making it playsforsure compatible ;-)

    Secure video path in WMF helps this somewhat by delivering data encrypted
    directly to the GPU hardware. However they can't yet turn on the
    requirement for a secure video path from the GPU to the display as such
    systems aren't in wide deployment yet, as well as the requirement to support
    legacy hardware. WMV-HD and Bluray have the same issue with legacy analog
    video paths but they plan to phase out support of analog. The same would
    have to happen on the PC but it would meet a lot more resistance.
    -Chris

  • No.10 | | 701 bytes | |

    > have tried and also failed. Secure memory and processing such as
    > a processor smartcard are the only way to go.
    > Of course the ideal situation would be a processor smartcard running on
    > a system using secure memory and trusted computing platform, where only
    > the trusted platform has access to the smartcard interface, right from
    > the BIOS stage upwards. And that would have to be paired with secure
    > video path, right to the GPU output.

    DVI chipset removed from display -RAM <- MPEG encoder -storage

  • No.11 | | 950 bytes | |

    On Wed, 2006-10-18 at 13:06 -0400, telmnstr@RG wrote:
    >> have tried and also failed. Secure memory and processing such as
    >> a processor smartcard are the only way to go.
    >> Of course the ideal situation would be a processor smartcard running on
    >> a system using secure memory and trusted computing platform, where only
    >> the trusted platform has access to the smartcard interface, right from
    >> the BIOS stage upwards. And that would have to be paired with secure
    >> video path, right to the GPU output.
    >
    > DVI chipset removed from display -RAM <- MPEG encoder -storage

    And your DVI being unprotected would be limited to 480p or whatever the
    studio has set for the maximum output resolution.

    SVP doesn't stop at the GPU.

    Cheers
    Kon

  • No.12 | | 971 bytes | |

    > And your DVI being unprotected would be limited to 480p or whatever the
    > studio has set for the maximum output resolution.
    > SVP doesn't stop at the GPU.

    There is a DVI revision that handles the DRM. I'm aware it exists but
    don't know the exact spec.

    It's the reason why my high end analog CRT projection setup in my home
    theater won't play with new DRM crippled HD DVD standards. Oh well! I
    guess they get no money from me. Standard definition DVD looks fine
    (upscaled by Windows XP host). 720P rips pulled from internet look better.
    System isn't really fast enough to do 1080P compressed content.

    I do not like the crazy HD content restrictions. Go too far, and you end
    up with another Minidisc/DAT SCMS style fiasco.
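
The chain-of-custody argument running through posts No.2, No.6, No.9 and No.11, as an added example that is not part of the original thread: a small Python audit that walks a playback chain and reports every stage where the key or cleartext is exposed, plus the resolution cap from No.11. The `Stage` fields, the three chain models and the 1080/480 values are constructed assumptions based on the posters' descriptions, not measurements of any product.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Stage:
    name: str
    holds_key: bool    # the decryption key is present at this stage
    isolated: bool     # not observable by host software (smartcard, secure memory, GPU hardware)
    emits_clear: bool  # data leaving this stage is unencrypted

def audit(chain):
    """Walk the chain in order and return (stage, finding) for every weak point."""
    findings = []
    for i, s in enumerate(chain):
        if s.holds_key and not s.isolated:
            findings.append((s.name, "key readable by host software"))
        if s.emits_clear:
            last = i == len(chain) - 1  # the last stage feeds the external display link
            sealed = (not last) and s.isolated and chain[i + 1].isolated
            if not sealed:
                findings.append((s.name, "cleartext output can be captured"))
    return findings

def output_height(chain, source_height, unprotected_cap):
    """Apply the content owner's cap when the final output link is unprotected."""
    return min(source_height, unprotected_cap) if chain[-1].emits_clear else source_height

# Constructed models (assumptions), one per design discussed in the thread.
SOFTWARE_PC = [                       # No.2: key store and player both live on the host
    Stage("key store", True, False, False),
    Stage("player (decrypt + decode)", True, False, True),
    Stage("GPU", False, True, True),
]
SECURE_VIDEO_PATH = [                 # No.9: encrypted to the GPU, display link still open
    Stage("key store", True, False, False),
    Stage("player (decrypt + decode)", True, False, False),
    Stage("GPU", False, True, True),
]
IDEAL = [                             # No.6: smartcard, secure memory, protected output
    Stage("processor smartcard", True, True, False),
    Stage("trusted decoder", True, True, False),
    Stage("GPU", False, True, False),
]

if __name__ == "__main__":
    for label, chain in (("software PC", SOFTWARE_PC),
                         ("secure video path", SECURE_VIDEO_PATH),
                         ("ideal", IDEAL)):
        print(label, output_height(chain, 1080, 480), audit(chain))
```

Encrypting the hop to the GPU removes one finding from the software-only chain, but the key findings stay until the key itself moves into isolated hardware.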

