[Bug 20944] EME should do more to encourage/ensure CDM-level interop from bugzilla@jessica.w3.org on 2013-02-12 (public-html-bugzilla@w3.org from February 2013)

From: <bugzilla@jessica.w3.org>
Date: Tue, 12 Feb 2013 01:15:55 +0000
To: public-html-bugzilla@w3.org
Message-ID: <bug-20944-2486-QGIPOGgeoT@http.www.w3.org/Bugs/Public/>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=20944

Mark Watson <watsonm@netflix.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |watsonm@netflix.com

--- Comment #3 from Mark Watson <watsonm@netflix.com> ---
(In reply to comment #0)
> The current EME draft makes no attempt to encourage interop at the CDM
> level. For example, the current EME draft does not forbid or even discourage
> a UA vendor from promulgating a CDM that no other user-agent can support,
> and encouraging the creation of content for that CDM consumable only by that
> user-agent. Such an outcome would be antithetical to the mission of the W3C,
> and the W3C should not bless, appear to bless, or enable such scenarios.
> 
> I believe it is possible to fix this bug without making major changes to EME
> or CDM technology, without discarding existing EME/CDM requirements, and
> that it's worth making at least a good-faith effort to try. I believe this
> should be settled (at least to the point of committing to fix the bug)
> before EME progresses further, or any requirements we need to add to EME and
> CDMs are likely to be rejected as "too late".
> 
> My proposed fix is to have EME require CDMs to be registered in a central
> registry. To be registered, a CDM would have to meet the following
> conditions:
> 
> 1) Documentation must be published describing the complete operation of the
> CDM, in enough detail to enable independent implementation in user-agents
> and to enable content deployment by content providers, except for some set
> of secret keys whose values may be withheld. (Similar to but weaker than
> IANA's "specification required" registry policy.)

Hi Robert,

Could you explain a little how you would expect to use such information ? If
you created an independent implementation, how would you expect to get the
secret keys ? From the original DRM vendor, or by establishing your own key
management system ?

Or is the intent just to have concrete information publicly available
describing exactly what a given commercial CDM does, for the purpose of
security and privacy review ? 

> 
> 2) If the CDM vendor offers functionality to third parties to decrypt
> content that can be decrypted by the CDM, then it must publish documentation
> describing how to implement the CDM using that functionality. (E.g. if a DRM
> platform vendor implements a CDM using that DRM platform, other consumers of
> that platform must also be able to implement the same CDM.)
> 
> These requirements are not the only possible fix, and may in fact be an
> inadequate fix, but I believe they're a lot better than nothing.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.

Received on Tuesday, 12 February 2013 01:15:56 UTC