[sword-devel] what problem are you trying to solve? (Re: encryption and integrity checking.)
dmsmith at crosswire.org
Wed Mar 11 07:38:59 MST 2009
Karl Kleinpaste wrote:
> I wonder why we stress so much over encryption and avoidance of copying,
> right down to copy/paste. Nobody else does.
After I sent my reply, I thought more about what I wrote. Aren't second
thoughts wonderful? :)
All of the things I said have one basic assumption, which I overlooked
and needs to be stressed:
The only way a locked module can be hacked is to have a key in the first
place. I think we can have confidence in the security of the encryption
that the key cannot be hacked (any more than some other method of
We don't manage keys. The provision of a key is the responsibility of
the publisher. Presumably, the publisher has some means of protecting
their distribution of the key.
The responsibility of not sharing the key lies with the user.
I think that our responsibility lies in the management of the keys such
that the user does not accidentally share the key. Perhaps the key and
the module should be kept separate.
> Libronix, which I believe has the strongest per-user license mechanism
> and encryption facility in any Bible software today, nonetheless makes
> it possible to copy/paste in such a manner that even Bible footnotes are
> preserved with proper formatting when pasting into Word. I've
> experimented with this myself, when the question arose elsehow quite
> some time ago. This is DM's problem #3, and it is not only an unsolved
> problem in Libronix, it is not even addressed -- indeed, one could say
> that it is facilitated in the opposite direction, because Libronix helps
> make exactly that form of copying look better, whole chapters at a time,
> possibly whole books at a time.
I don't think #3 can be solved at all. Even with a paper book, I can
copy pages at will.
> Why is this such a larger issue for our apps than it is for Libronix?
> If publishers are balking at making modules available for Sword
> applications, what is their argumentative basis? Given the utter,
> complete lack of any actual protection scheme in e-Sword modules, and
> yet with e-Sword having support of a number of modules available that we
> have not been able to secure (esp. NIV), what exactly is the problem in
> need of address, and why have we failed to make a case when in fact we
> do have an encryption scheme that is far superior to e-Sword? (Yes, you
> may feel free to whine about the manner of key storage in most Sword
> apps. That is a distraction. Please address the core problem.)
> A while back, a passage exporter was implemented for Xiphos. A request
> came along that we reduce the available scope of export, so as to
> prevent excess copying. I disabled the "whole book" option, leaving
> chapter and verse export in place, but I didn't like doing so and I
> truly don't see the point and I have no idea who is out there that could
> be convinced that we have saved anyone anything by having done so.
> Please tell me why Sword applications are so "special," compared to
> Logos and e-Sword. Until there is an answer to that question, all the
> complex technical solutions to what is potentially a non-problem don't
> mean a thing.
> sword-devel mailing list: sword-devel at crosswire.org
> Instructions to unsubscribe/change your settings at above page
More information about the sword-devel