[sword-devel] encryption and integrity checking.

David Haslam d.haslam at ukonline.co.uk
Wed Mar 11 06:42:59 MST 2009 

I have received very similar enquiries when discussing things with Bible
Societies and Translation Agencies.

This is really several distinct topics rolled up into one, but which should
really be distinguished from one another.

- Provenance = ensuring that the text used by CrossWire to make a SWORD
module has a demonstrable and traceable correspondance to that published by
the copyright owner.

- Authenticity = ensuring that users can verify that the text they have as a
SWORD module is really identical to what was published by CrossWire.

- Security = ensuring that communication protocols are not compromised such
that third parties can intercept and understand, and even modify information
that should remain private to sender and recipient.

- Copy-protection = mechanisms to prevent copying of "locked content" for
copyrighted works.

Encryption primarily tackles the security topic, but also has a bearing on
the authenticity topic, but not in the same manner. 

Certification primarily tackles the authenticity topic, but also relies on
cryptographic techniques.

As for CrossWire, not yet using a paid for certification authority like
Verisign, we leave some of our operations open to interference by malicious
third parties. We ourselves trust one another, as we would expect to do as
an open-source community of volunteers working together to achieve shared
goals.  Do we recognise that being in a spiritual warfare, the enemies of
the Word of God may stoop to all manner of craftiness and deceipt to undo or
undermine our work?

Solutions to the fourth topic are likely to be expensive to implement in
such a way that reverse engineering of the methods is rendered improbably
difficult compared to the resources available in the timespan of the
universe. After all the music/entertainment industry is spending huge sums
to protect their revenue stream, and they still get cracked by the
ingenious.

I guess many of us are not so well read on computer security issues and
related topics as we are on computer programming and Bible software.  For
informative and entertaining insights into these things, I recommend folk
listen to the weekly podcasts by Steve Gibson and Leo Laporte on Security
Now! available at  http://grc.com/ http://grc.com/ 


-- David




-- 
View this message in context: http://www.nabble.com/encryption-and-integrity-checking.-tp22451086p22455372.html
Sent from the SWORD Dev mailing list archive at Nabble.com.

More information about the sword-devel mailing list