[Matroska-devel] Re: Compromise Encryption Proposal

Joseph Ashwood ashwood at msn.com
Fri Jan 27 01:46:05 CET 2006

Before I begin I'm going to start to use the more precise auth^2 and auth^3 
terminology. these refer to User Authentication and User Authorization in 
the case of auth^2, and User Authentication, User Authorization and File 
Authentication in the case of auth^3. As we are getting deeper into the 
design more precision is becoming necessary.

----- Original Message ----- 
From: "Paul Bryson" <paul at msn.com>
Subject: [Matroska-devel] Re: Compromise Encryption Proposal

> I would strongly resist the temptation to change the basic structure of 
> the how the format works right now.  I'm guessing this would require a lot 
> of rewrite of current parsers to support instead of possibly adding 
> another layer for data to pass through.

I've agonized over this myself for quite some time, here's the conclusion I 
reached. The current generation of parsers will still work with my proposal, 
they just won't be able to play DRMd files, which is kind of the point of 
DRM, so it doesn't really cange anything since everything I've requested is 
optional, with implied values that make no difference (e.g. NullTransform). 
Additionally, it is entirely possible that VLC and Haali's Splitter (as far 
as I can tell the most popular splitters) will never support DRM, for any 
number of reasons outside of technology. For this reason, it is my opinion 
that it does not actually change anything for the current parsers, unless 
they choose to support the auth^3 design.

> It sounds like the primary reason you want to add this is to prevent 
> "hints" from being given away by context of the container.

Actually, most of this is to push from auth^2 required for DRM, to auth^3 
required for auditing. This move is useful in only limited context, and is 
why I implied, but did not state openly as I am now, that only very high end 
splitters/decoders would need to be able to handle the reinterpretation 
portion. Such splitters would only be necesary for audit viewing purposes, 
and the ability to use a standard format with public analysis of the 
security makes this far more usable. As a major side benefit, the auth^3 
model can actually prevent attacks on the splitter, as the splitter can be 
written to only process authenticated files.

More information about the Matroska-devel mailing list