2.6.10 Protected Entertainment Rights Management (perm) Bof

Current Meeting Report


IETF-60
PERM

Mark/Thomas - Intro and Overview (see Aug-2a-Welcome.pdf)
The agenda was shown and agreed to.
Mark gave an overview of the goals and guidelines for the meeting.
Fewer than a half-dozen of the ~70 participants had read the PERM I-D.
Comment: what is unique about PERM vis-à-vis other IETF key establishment protocols?
Response: It is possible that other IETF protocols can replace the custom protocols that are used by PERM and this is an activity identified in the charter.
Discussion followed on the role of open standards in home entertainment networks and the suitability of security protocols in this environment.
The BOF chairs suggested that we move on to the PERM overview since few had read the I-D.

John Gildred - PERM Overview (see Aug-2b-JGildred.pdf)
John described the motivation of Pioneer and consumer electronic vendors to develop open-standard protocols for exchanging content works on home networks.
PERM has been developed over 3 years and germinated in the DENi consortium.
The companies and individuals involved in the effort include IT, consumer electronics, network service providers, and network equipment vendors.
PERM is general to IP networks including home networks and content providers on the public Internet.
The PERM reference configuration was shown and the technical features were presented.
Comment: is the content key packaged with the content work or obtained separately?
Response: It's done both ways; in a zone, the key might be obtained separately.
Comment: What makes you think that this application can be treated as a security application?
Response: Mark is going to address that topic next.
Comment: what about user certificates, smart cards in the user profile?
Response: PERM uses a certificate authority but PERM devices could use smart cards much like the OpenCable POD.
Comment: PERM rotates keys but the rate of rotation is not discussed. This is an operational issue that cannot be left to policy since it is an open-ended performance requirement that will greatly affect interoperability.
Response: This is a broadcast TV requirement only. Yes, an upper-bound on the rate of key rotation will need to be specified.
Discussion followed that included questions on PERM's delivery methods and encapsulation.
A few participants questioned why a new set of protocols was needed to establish keys, maintain a secure group, discover service, etc. John responded that the PERM team wants to evaluate the substitution of IETF protocols for elements of procedure found in the current PERM I-D. The PERM team wants IETF participation to ensure that PERM uses the best technology and fits in with other standard Internet protocols and services.

Mark Baugher - PERM as a Security Protocol (Aug-2c-MBaugher.pdf)
Mark described an alternative to copy protection that relies on the security relationship between the provider and the consumer. In this relationship, rights management and licensing concerns are part of the provider/consumer relationship that includes privacy, service fulfillment, and adherence to other legal statutes.
Comment: You did not present a threat model in any of the presentations so far so it is not clear what it is that the security relationship is meant to protect.
Response: We should have done that.

John Card - PERM in satellite home networks
Rationale was given for PERM in a connected home network.
Connected home network - know how to get content onto the edges of the home network.
Service providers need an open-standard means of signaling the legal and contractual requirements associated with content works that are delivered to the home.

Joseph Chou - PERM and DRM systems (see Aug-2e-JChou.pdf)
We did not have time to complete this presentation but had to move on to the summary discussion and the proposed PERM Charter.

Mark Baugher - PERM Charter (Aug-2a-Welcome.pdf)
The proposed charter has two phases. The first phase is to develop a PERM framework in which we evaluate what IETF protocols for key management, service discovery, group management, etc. could be used to replace existing procedures that are used in PERM. It is not a foregone conclusion that existing procedures will or will not be replaced with standards. The WG will consider the pros and cons of such replacement in every case. Following this effort, the PERM draft will be edited or re-written. We would like to complete the specification process at the end of 2005.
Discussion followed on the aggressiveness of the schedule.

Steve Bellovin/Russ Housley led a discussion to gauge the sentiment of the ~70 meeting participants pro or con for chartering a PERM WG. About 20% were in favor, about 30% opposed, and about 50% were undecided.

Slides

Agenda
Protected Entertainment Rights Management
Rights Management in a Security Framework
PERM in satellite home networks
Security and DRM