1997-06-12 - Re: PKCS-11 vs. CDSA APIs

Header Data

From: Dave Emery <die@pig.die.com>
To: shamrock@netcom.com (Lucky Green)
Message Hash: d58812a76cf68ab48194eed920d38d509812ef5a7bb622a5708571e4803b6fe3
Message ID: <199706120731.DAA04752@pig.die.com>
Reply To: <3.0.2.32.19970611230521.03bfe44c@netcom13.netcom.com>
UTC Datetime: 1997-06-12 07:41:40 UTC
Raw Date: Thu, 12 Jun 1997 15:41:40 +0800

Raw message

From: Dave Emery <die@pig.die.com>
Date: Thu, 12 Jun 1997 15:41:40 +0800
To: shamrock@netcom.com (Lucky Green)
Subject: Re: PKCS-11 vs. CDSA APIs
In-Reply-To: <3.0.2.32.19970611230521.03bfe44c@netcom13.netcom.com>
Message-ID: <199706120731.DAA04752@pig.die.com>
MIME-Version: 1.0
Content-Type: text



Lucky Green wrote :

> 
> Furthermore, as William has mentioned in the past, encrypted instruction
> sets make decompiling and thereby reverse engineering the application next
> to impossible.

	Perhaps he has, but I believe I was the one to post about it
first.

	As you know, my fear is magic stuff in OS inner rings that
enforces social policies and perhaps also provides "sovereign right of
lawful access" to you know who...

	Encrypted code may be very difficult to decrypt, and if the OS
controls key management also nearly impossible to modify (presuming that
the encryption is not just XOR'd with the instruction stream  which
would allow trivial modification once the instructions were decrypted). 
That combination is nice for copyright enforcement, but sure has some
nasty other uses and is a fundemental enabling technology for such
future statist possiblities as restrictions on running modified or
unapproved software without a license to do so - a software developers
license say, or the old Internet drivers license. 

	I am sure that many businesses would be very happy if all their
PCs would only allow software that management approved to run - there
would be a huge market for such in fact... and probably a lot of the
public would willingly buy machines that would only run approved
software if they could pay less for the software or access first run
movies or other candy unavailable on free machines.

	It is really hard to think of a way of controlling what  the
sheeple do with their computers that does not depend on  hard encrypted
code in both OS and application - code that is decrypted only inside the
silicon of the CPU with precautions taken to make access to the
decrypted streams very difficult and expensive for hardware probers. 
Years of trying other methods have failed to produce something practical
from a cost and security standpoint; there are just too many smart and
persistant people around who will find a means of attacking anything
that is exposed.   

	But it is also obvious that there are billions of dollars in
revenue lost to software  pirates and additional sales of copyright works
that don't happen because the owners aren't happy if it is even remotely
possible to obtain pirate copies.  And money talks, and with those levels
of dollars involved one can expect a lot of things to happen, especially
in the current DC climate, and with the possiblity that such technology
will both provide the protection of intellectual property that the
big money interests want and the social control and surveillance that
the fascists want.

	The good part is that making the whole thing adaquately secure
is very hard and the attempt may fail,  the bad thing is that there very
well may be draconian laws that make any attempt to understand or 
modify the code running on one's computer a serious felony and people
may be locked up for years for just trying to determine what a program
is doing to them.  There have already been attempts to create these
laws.

	But I've said much of this before...

							Dave Emery
							die@die.com
							Weston, Mass.






Thread