Can't seem to get to this...
>There are some changes required to HTML+ for security. These include the
>use of logos and trademarks in a defined area that does not scroll. We
>also have to support writing "Top Secret" or "Confidential" in this area.
>The linking of DNs to trademarks is an issue.
>
>Whenever you get a copy of WiReD you know it is genuine because it has the
>trademark stamped on the front cover. Misuse of a trademark is a criminal
>act in many countries when the intent is counterfeiting.
>
>|>> For
>|>> example: Say Encyclopedia Britannica was online. How could they charge
>|>> people for using it?
>|>
>|>Actually, they are setting up an online service (www.eb.com?). I
>|>think the model they are using is to sell the service to institutions
>|>(universities, etc) and use access control restricted to
>|>*.berkeley.edu, for example. However, if any server in that domain
>|>has open proxying supported (as the CERN server does - does NCSA's?)
>|>then *anyone* can get that information, as the proxy service is open
>|>to anyone (or is it configurable?).
>
>There will be support for prohibit copy, prohibit cache etc.
I assume that when you say "prohibit" you mean "request that it not be
done"? This brings up the whole interesting issue of whether it is
irresponsible to create something that provides the appearance of
security without actually providing it. If publishers send
information out onto the wire, people will be able to copy it and give
it away. If they are under the illusion that they can do anything
more than make it inconvenient to do so, well...
I think this problem pretty much goes away if you price your
information appropriately and in small chunks. How much time would
you waste searching for a old pirated copy of the Britanica entry on
Uganda if you could get the authoritative, up-to-date entry from the
source for only $1?
>|> I see this as analogous to the
>|>easily-forgeable sendmail problem awhile back, which was solved via
>|>the enlightened self-interest of the sendmail authors to enable
>|>complete tracing, so that unauthenticated mail could never be fully
>|>anonymous.
:-)
>The issue of support for proxying etc is being thought of but we are
>not there yet. The big question is about the level of trust you place
>in the client. In any copyright protection system you have to put some
>faith in the user and client.
Designing clients to they are trustworthy necessarily means designing
clients so they are not powerful and extensible. There's a real
trade-off involved in how much we're willing to cripple client
software in order to provide a false sense of security to existing
publishing entities clinging to old ways.
-- <A HREF="http://www.cs.indiana.edu/hyplan/mvanheyn.html">Marc VanHeyningen</A>