5.1 Security Considerations for Implementers
SHA-1 Hashing: The use of SHA-1 hashing is critical to this protocol. Although SHA-1 has been shown to be vulnerable to collision through the use of specially crafted plaintext, the "one-wayness" of SHA-1 has not been compromised. This protocol relies on the "one-way" characteristic of SHA-1.
ECC Curves: This protocol does not utilize a standard curve for its ECC. The curve utilized by this protocol is fully disclosed in the document [MS-DRM].
Unique device identifiers: It is recommended that every device be provisioned with a unique serial number to prevent device cloning, as specified in section 3.2.1.
Real-time clock: It is recommended that every device implement a real-time clock, as specified in section 3.2.1.
HTTPS Transport: The HTTPS transport is recommended for use when available, as specified in section 2.1.
Secure Storage: The availability of a user-opaque storage location on the device is crucial to the security of this protocol. The secure storage is used to hold and protect cryptographic keys and licenses.
Certified Cryptographic Library: The cryptographic library used in conjunction with this protocol is recommended to be FIPS certified and to pass NIST standard cryptographic test vectors to ensure both security and interoperability.
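
The test-vector recommendation above can be exercised with a known-answer self-test such as the following. This is an added example, not part of the specification. It assumes Python's hashlib as the library under test; the function names are hypothetical, `faulty_sha1` is a constructed broken implementation, and the vectors are the widely published SHA-1 example messages.

```python
import hashlib

# Published SHA-1 known-answer vectors: empty message, "abc", the 448-bit
# message, and one million repetitions of "a" (exercises multi-block input).
SHA1_VECTORS = [
    (b"", "da39a3ee5e6b4b0d3255bfef95601890afd80709"),
    (b"abc", "a9993e364706816aba3e25717850c26c9cd0d89d"),
    (b"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
     "84983e441c3bd26ebaae4aa1f95129e5e54670f1"),
    (b"a" * 1_000_000, "34aa973cd4c4daa4f61eeb2bdbad27316534016f"),
]


def library_sha1(data: bytes) -> bytes:
    """Adapter for the library under test (assumption: hashlib)."""
    return hashlib.sha1(data).digest()


def faulty_sha1(data: bytes) -> bytes:
    """Constructed broken implementation: ignores input past the first
    64-byte block, a defect that short vectors alone would not reveal."""
    return hashlib.sha1(data[:64]).digest()


def run_sha1_kat(sha1_fn):
    """Run every vector through sha1_fn; return a list of (index, reason)
    for each failure. An empty list means the implementation passed."""
    failures = []
    for index, (message, expected_hex) in enumerate(SHA1_VECTORS):
        try:
            digest = sha1_fn(message)
        except Exception as exc:  # a crash counts as a failed vector
            failures.append((index, f"raised {type(exc).__name__}"))
            continue
        if len(digest) != 20:
            failures.append((index, f"digest length {len(digest)}, expected 20"))
        elif digest.hex() != expected_hex:
            failures.append((index, f"got {digest.hex()}"))
    return failures


if __name__ == "__main__":
    for name, fn in (("library", library_sha1), ("faulty", faulty_sha1)):
        result = run_sha1_kat(fn)
        print(name, "PASS" if not result else f"FAIL {result}")
```

Running such a self-test at device start-up, and refusing to process licenses when it fails, catches a miscompiled or substituted hash routine before it affects interoperability.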