[sword-devel] what problem are you trying to solve? (Re: encryption and integrity checking.)

Troy A. Griffitts scribe at crosswire.org
Wed Mar 11 07:33:08 MST 2009 

Yes, I echo Karl's response.  In all of the many conversations I have 
had with publisher, when they ask how we support 'paid' modules, I tell 
them of our current system:

encrypt the text with 128-bit key.
supply the single key to the publisher to sell as they would like, which 
unlocks the module for the user.

The only resistance I've heard (which I can remember) is something like: 
  Is there a way to supply different keys to each user?  To which I 
reply, sure, we'd be happy to provide the tool for encrypting the 
module; you can generate your own key, per user, use the tool to encrypt 
the text differently for each user, and distribute the text and key 
combination when a user purchases the text.

I've not had any issues with publishers in this regard and I personally 
believe short of a centralized DRM server which keeps track of all users 
and which modules they've purchased, we will not be able to do more 
regarding the DRM, and ultimately will not be able to satisfactorily 
solve an issue industries greater than ours have failed to do.

Peter, specifically is there an issue we might be able to help resolve 
for a specific content provider?

David is correct that there are many types of issues involved here.  One 
which we might be able to resolve is assurance that a redistributable 
text is actually what left our server, and has not been modified.

	-Troy.



Karl Kleinpaste wrote:
> I wonder why we stress so much over encryption and avoidance of copying,
> right down to copy/paste.  Nobody else does.
> 
> Libronix, which I believe has the strongest per-user license mechanism
> and encryption facility in any Bible software today, nonetheless makes
> it possible to copy/paste in such a manner that even Bible footnotes are
> preserved with proper formatting when pasting into Word.  I've
> experimented with this myself, when the question arose elsehow quite
> some time ago.  This is DM's problem #3, and it is not only an unsolved
> problem in Libronix, it is not even addressed -- indeed, one could say
> that it is facilitated in the opposite direction, because Libronix helps
> make exactly that form of copying look better, whole chapters at a time,
> possibly whole books at a time.
> 
> Why is this such a larger issue for our apps than it is for Libronix?
> If publishers are balking at making modules available for Sword
> applications, what is their argumentative basis?  Given the utter,
> complete lack of any actual protection scheme in e-Sword modules, and
> yet with e-Sword having support of a number of modules available that we
> have not been able to secure (esp. NIV), what exactly is the problem in
> need of address, and why have we failed to make a case when in fact we
> do have an encryption scheme that is far superior to e-Sword?  (Yes, you
> may feel free to whine about the manner of key storage in most Sword
> apps.  That is a distraction.  Please address the core problem.)
> 
> A while back, a passage exporter was implemented for Xiphos.  A request
> came along that we reduce the available scope of export, so as to
> prevent excess copying.  I disabled the "whole book" option, leaving
> chapter and verse export in place, but I didn't like doing so and I
> truly don't see the point and I have no idea who is out there that could
> be convinced that we have saved anyone anything by having done so.
> 
> Please tell me why Sword applications are so "special," compared to
> Logos and e-Sword.  Until there is an answer to that question, all the
> complex technical solutions to what is potentially a non-problem don't
> mean a thing.
> 
> _______________________________________________
> sword-devel mailing list: sword-devel at crosswire.org
> http://www.crosswire.org/mailman/listinfo/sword-devel
> Instructions to unsubscribe/change your settings at above page

More information about the sword-devel mailing list