[sword-devel] Sorry, I can't export sapphire.zip, but...

Michael Paul Johnson sword-devel@crosswire.org
Thu, 18 Nov 1999 16:55:26 -0700


--=====================_32579259==_.ALT
Content-Type: text/plain; charset="us-ascii"; format=flowed

At 02:34 PM 11/18/99 -0800, Chris Little wrote:
>...
>Commercial text vendors should, rather, look at the security offered by 
>the SWORD/Sapphire combination.  Our encrypted texts are solidly protected 
>because the data is actually encrypted.  I'm not aware of any other Bible 
>software on any platform that offers even a modicum of decent security 
>against text unlocking without payment because they all depend on security 
>through obscurity and leave their texts themselves completely unencrypted.
>
>If Bob from Logos (he's on the sword-devel list too, for those who didn't 
>know) should take note of anything, it's that we actually have 
>security.  And hopefully it is capable of meeting the requirements of 
>Logos or other publishers who would like to start publishing in SWORD 
>format because currently it is probably the strongest security in this 
>software genre.

"Security" in the context of point of sale control is a relative term. It 
is true that the actual text is encrypted with a serious encryption 
algorithm and the key is reasonably long. Note that what is being sold is 
an electronic book, and once it is unlocked, it is no longer secured 
against piracy, except by copyright law. This is especially true in an open 
source system. Likewise, the key management is currently incomplete in 
Sword, in that one key will work for any customer. Again, there is nothing 
but copyright law to stop someone from purchasing one legitimate copy and 
giving the key to 1,000,000 of his closest friends. At least Logos takes 
steps to make such key sharing a little more difficult (but still not 
impossible). Without fully secure hardware, you can't solve the copy 
protection problem, but you can solve the point of sale control problem at 
least as well as you could with a physical store and shrink-wrapped 
packages containing a disk. Once the customer leaves your store, or 
completes a legitimate transaction on line, there is no more security. At 
least with selling Bibles, I would think that the piracy rate would be 
lower than with some other things... assuming they read them. (The Gideons 
get lots of donations from people who stole a Bible from a hotel, read it, 
got saved, then decided to pay for the book.)


--=====================_32579259==_.ALT
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<html>
At 02:34 PM 11/18/99 -0800, Chris Little wrote:<br>
<font size=3D2><blockquote type=3Dcite cite>...</font><br>
Commercial text vendors should, rather, look at the security offered by
the SWORD/Sapphire combination.&nbsp; Our encrypted texts are solidly
protected because the data is actually encrypted.&nbsp; I'm not aware of
any other Bible software on any platform that offers even a modicum of
decent security against text unlocking without payment because they all
depend on security through obscurity and leave their texts themselves
completely unencrypted.<br>
&nbsp;<br>
<font size=3D2>If Bob from Logos (he's on the sword-devel list too, for
those who didn't know) should take note of anything, it's that we
actually have security.&nbsp; And hopefully it is capable of meeting the
requirements of Logos or other publishers who would like to start
publishing in SWORD format because currently it is probably the strongest
security in this software genre.</font></blockquote><br>
&quot;Security&quot; in the context of point of sale control is a
relative term. It is true that the actual text is encrypted with a
serious encryption algorithm and the key is reasonably long. Note that
what is being sold is an electronic book, and once it is unlocked, it is
no longer secured against piracy, except by copyright law. This is
especially true in an open source system. Likewise, the key management is
currently incomplete in Sword, in that one key will work for any
customer. Again, there is nothing but copyright law to stop someone from
purchasing one legitimate copy and giving the key to 1,000,000 of his
closest friends. At least Logos takes steps to make such key sharing a
little more difficult (but still not impossible). Without fully secure
hardware, you can't solve the copy protection problem, but you can solve
the point of sale control problem at least as well as you could with a
physical store and shrink-wrapped packages containing a disk. Once the
customer leaves your store, or completes a legitimate transaction on
line, there is no more security. At least with selling Bibles, I would
think that the piracy rate would be lower than with some other things...
assuming they read them. (The Gideons get lots of donations from people
who stole a Bible from a hotel, read it, got saved, then decided to pay
for the book.)<br>
<br>
</html>

--=====================_32579259==_.ALT--