The technical are in the AACS Pre-recorded Video Book Specification. The digital imprimatur is called a "content certificate" (see p. 5 for overview), and is created "at a secure facility operated by [the AACS organization]" (p. 8 ). It is forbidden to publish any work without an imprimatur, and player devices are forbidden to play any work that lacks an imprimatur.Like the original imprimatur, the AACS one can be revoked retroactively. AACS calls this "content revocation". Every disc that is manufactured is required to carry an up-to-date list of revoked works. Player devices are required to keep track of which works have been revoked, and to refuse to play revoked works.
The AACS documents avoid giving a rationale for this feature. The closest they come to a rationale is a statement that the system was designed so that "[c]ompliant players can authenticate that content came from an authorized, licensed replicator" (p. 1). But the system as described does not seem designed for that goal — if it were, the disc would be signed (and the signature possibly revoked) by the replicator, not by the central AACS organization. Also, the actual design replaces "can authenticate" by "must authenticate, and must refuse to play if authentication fails".
It seems to me that there are two basic rationales for this. The first is to allow the AACS to charge rents for the privilege of recording DVDs. This lines up nicely with their encryption scheme which is designed at least partially to extract rents from the electronics manufacturers for the privilege of manufacturing DVD players.
But there's another likely reason and it's about copy protection. DVDs (and especially HD-DVDs) are too large to efficiently transfer over the Internet as-is. Most file sharing is of compressed files, which are, naturally, much smaller. Now, these compressed files won't be signed and because the compression is lossy you won't be able to reconstruct a version that matches the signature. So, at least one purpose of the signature is to stop you from playing your Internet file-shared content on a convenient platform. It won't stop you from plugging your computer into your TV, of course, but that's a much bigger pain than just burning a DVD and popping it into your standard DVD player, which you can do now.
Another attractive feature of this design (at least from the perspective of the AACS) is that it's a lot less brittle than encryption-based schemes. All of the encryption schemes are susceptible to someone extracting the keys from their DVD player. But with signature systems, the players only have the public key so cracking them doesn't do you any good. Sure, you might be able to bypass the signature checking on your own player, but that's not really something that scales that well.
Of course, the obvious downside of this strategy is that it makes it a big pain for people like you and may to burn our own DVDs. But I wouldn't be surprised if there was a solution for that. Notice that Intel and Microsoft are part of the AACS consortium. A trusted computing module would be a very convenient way to let users sign their DVDs, subject to whatever DRM restrictions are built into the platform.
According to the technical spec, discs cannot be signed by an authorized manufacturer, but only by the central AACS authority, in a secure facility run by that authority. The central authority is also the only source of revocation lists (which must be obeyed). This goes beyond what they would need in order to prevent recording of home-made content.
Also, AACS combines this imprimatur mechanism with an encryption-based mechanism designed to prevent ripping of the content. Each player device has its own key, and they use a fancy broadcast encryption scheme to handle revocation of those keys. So they don't actually avoid the drawbacks of encryption-based design.
Hmm... That centralized signing is a pretty surprising design. Hard to see why they would need that for any purpose. Even if they wanted to charge per disk, it would be easy to make tamper-resistant CAs to give to the manufacturers.
Re: encryption based designs. This was unclear writing on my part. What I meant was that it wasn't *only* an encryption based design. The encryption makes it (ostensibly) harder to rip content and the signing makes it hard to play ripped content on your commodity player. Seems like a defense in depth strategy.
So, you're able to burn your own HD-DVD discs for data, but not to be played on store-bought machines? What a great design, as long as you're neither a seller or user of store-bought HD-DVD players....
--John
Well, as I indicated, I rather expect either NGSCB or Intel's new DRM to somehow let you fab DVDs that can be played on store-bought players, no doubt provided that they were made with tools that somehow "guarantee" that this isn't pirated material....
Does this mean there's going to be a black market in "unchained" players--ones where the signature check has been removed? Much like the satellite decoder boxes of old.
'A trusted computing module would be a very convenient way to let users sign their DVDs, subject to whatever DRM restrictions are built into the platform.'
Wow, this could be quite hard for them to implement -- how do you expect them to do this? Some kind of device driver installed to the TCM which performs limited signing of disk images, which then has a "userspace" Windows UI? I wonder how they expect to stop attackers from using that signature driver to sign pirated movie images.
btw, love the use of the term 'imprimatur'. perfect description. censorship through copyright control...