DRM != SSL

Regarding this post about Sun's "open source DRM," a number of people have written to point out that there's such a thing as open source *crypto*, e.g., SSL, so why can't DRM also be made open source?

Here's why:

In SSL you have a sender, a recipient and an attacker. The attacker is never supposed to be in possession of the cleartext. It doesn't matter, however, if the recipient gains access to the cleartext. That's why you can have open source SSL.

In DRM you only have a sender and an attacker, who is also the recipient. DRM relies on the attacker/recipient only gaining access to the cleartext while their machine is in the grips of non-user-accessible code that restricts what they can do with the cleartext (in particular, DRM seeks to ensure that the cleartext can't be saved back to the drive while still in the clear).

If you have an open source DRM "client" or "player," then how can it keep users from modifying it to allow the saving and manipulation of the conditionally rendered cleartexts?

There has never, ever been a DRM implementation that was intended to be user-modifiable. There can't be. It's like trying to make "dry water" or "hot ice." DRM is supposed to keep users from manipulating their players. Open source is supposed to encourage users to manipulate and modify their players. They are utterly incompatible.

Crypto isn't about algorithms. Crypto is about threat models. The threat model for SSL is a third-party eavesdropper. The threat model for DRM is that the intended recipient of the cleartext will gain long-term access to the cleartext.
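The two threat models side by side, as an added toy example (not code from the post, not TLS, and not any real DRM scheme): a constructed HMAC-based stream cipher stands in for the real thing, and the `RestrictedPlayer` class is an assumed stand-in for a DRM client that decrypts for rendering but refuses to save.

```python
import hashlib
import hmac
import os

# Constructed toy stream cipher for illustration only:
# keystream = HMAC-SHA256(key, nonce || counter), XORed with the data.
def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))

decrypt = encrypt  # XOR stream cipher: the same operation undoes itself

# --- SSL-style threat model: sender, recipient, third-party eavesdropper ---
def ssl_model(cleartext: bytes):
    key, nonce = os.urandom(32), os.urandom(12)  # held by sender and recipient only
    wire = encrypt(key, nonce, cleartext)
    eavesdropper_view = {"nonce": nonce, "ciphertext": wire}  # the key never crosses the wire
    recipient_gets = decrypt(key, nonce, wire)
    return "key" not in eavesdropper_view, recipient_gets == cleartext

# --- DRM-style threat model: the recipient is the party being defended against ---
class RestrictedPlayer:
    """Assumed stand-in for a DRM client: it must hold the key to render at all,
    and the 'no saving' rule exists only as a branch in its own code."""
    def __init__(self, key: bytes, nonce: bytes):
        self.key, self.nonce = key, nonce
    def render(self, wire: bytes) -> bytes:
        return decrypt(self.key, self.nonce, wire)
    def save(self, wire: bytes) -> bytes:
        raise PermissionError("policy: saving cleartext is not allowed")

def drm_model(cleartext: bytes):
    key, nonce = os.urandom(32), os.urandom(12)
    wire = encrypt(key, nonce, cleartext)
    player = RestrictedPlayer(key, nonce)  # key and code both live on the recipient's machine
    player_refuses = False
    try:
        player.save(wire)
    except PermissionError:
        player_refuses = True
    # The trust boundary does not exclude the recipient: the same key material the
    # player uses to render is available to whoever controls the player's code.
    recipient_holds_key = decrypt(player.key, player.nonce, wire) == cleartext
    return player_refuses, recipient_holds_key
```

In the SSL model the confidentiality goal is met because the only party without the key is the attacker; in the DRM model the policy is enforced by code running on the attacker's machine, which is the point the post makes.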
