Quote:
Originally Posted by xyz987
Good clarification. Note however I am using the term "master tree" in the same sense spec uses it. Spec says that a set of Device Keys can derive any key of master tree (except a handful of them). The tree you call "master tree" doesn't comply this.
|
The "master tree" for all possible devices is different from the "master tree" for any single device with a set of device keys. I just wanted to point out that we were referring to the larger tree. Maybe we should call the larger tree the "master master tree?"
Quote:
|
I am following spec. The keys of any subtree are different than the keys of the master tree. A subtree is not "a portion of the master tree", it is another tree with another keys.
|
Again, I am just trying to get consistent terminology - nodes are parts of trees. Multiple keys are assigned to each node. There is only one large master tree with nodes below the root. In your convenient numbered tree, node 4 is node 4 for the entire tree (rooted at node 1), and for the subtree rooted at 2 and for the subtree rooted at 4 - it's always node 4. Yes, one can think of trees of keys, and the keys assigned to node 4 are different for each of those subtrees, I just think it's easier to look at nodes and subtrees of nodes that are part of the master tree.
Quote:
|
Your opinion about the 512 MKB entries has a problem: the very first PK any attacker in the wide world got (arnezami's PK) is valid to decrypt the very first C-value of MKB. A great coincidence, isn it?
|
I presume it's because they put the software players into the first subtree. They made the first S-D set as big as possible (all except one device). The first C-value is the media key encrypted with the processing key for that first S-D set. It does not seem like a coincidence to me.
Quote:
|
They are still on master tree, just because they have not revoked yet a noncontiguous group of keys. First MKB entry belongs to master tree, the rest of entries are just not used nowadays. So any device (except one that has never been sold) can derive the appropiate DK to get later the PK.
|
I was hoping that by getting clear terminology I could understand your idea. It looks like FMalibu thinks he understands you, but I do not. I think:
1) The first MKB entry is for an S-D set, not a full tree or subtree. It includes almost all devices except the lower left device, which would not be a real device.
2)The other entries are for similar S-D sets within the larger master tree.
3) We do not know if the other entries are used by current devices, but I bet they are - by non-software players.
4) Later PK keys will not be able to be derived by current devices if they are revoked by defining S-D sets in the MKB that do not include the revoked devices. The revocation will occur by adding one or more new S-D sets and media keys encrypted with the PKs for those S-D sets to the MKB (and eliminating the current S-D set which includes the current players).