Re: A proposal on EME

Operating systems with DRM capabilities mean handcuffs to me. This must
not be permitted. Also hardware with DRM isn't acceptable. I prefer a world
without movies to a world without freedom.


2013/10/2 Mark Watson <watsonm@netflix.com>

> I'm sure browser implementors are considering whether what you propose is
> technically feasible, that is, whether the CDM needs to perform any
> functions that would be incompatible with sandboxing. Sandboxing certainly
> brings privacy and security advantages. In some cases it may be feasible
> and in others not. It may depend on the nature of the sandboxing
> capabilities that are available on each Operating System. However, in some
> cases, for example where the CDM makes use of DRM capabilities built into
> the Operating System, it might not be feasible.
>
> The thing about a W3C specification, though, is that it can only specify
> an API surface. And what really defines compliance to a specification is
> the test suite. How would you write a test for whether the CDM is
> sandboxed?
>
> ...Mark
>
>
> On Wed, Oct 2, 2013 at 8:43 AM, Mhyst <mhysterio@gmail.com> wrote:
>
>> Well, to a great extent, browser vendors are gathered here. Don't pretend
>> this to be a separate matter.
>>
>> The question is: do you pursue content protection or user control? If the
>> answer is "content protection" then let's create a "content protection"
>> standard. So I think this is the right place to discuss this.
>>
>>
>> 2013/10/2 Glenn Adams <glenn@skynav.com>
>>
>>>
>>> On Wed, Oct 2, 2013 at 9:21 AM, Mhyst <mhysterio@gmail.com> wrote:
>>>
>>>> Hello,
>>>>
>>>> The main problem with EME is that CDMs have little or no restrictions at
>>>> all. That is too much power for the CDM developers and many people won't
>>>> trust them. We've talked about the security and privacy risks it may
>>>> convey. I think this is an obstacle in the path to advance EME.
>>>>
>>>
>>> The implementation of the CDM is part of the User Agent (Browser)
>>> implementation. The W3C generally does not specify how Browsers are
>>> implemented, and, as far as EME is concerned, the CDM implementation is not
>>> relevant to EME API semantics.
>>>
>>> It may be that in the future some Browser vendors will create a
>>> specification for a CDM API and its externally visible behavior. It is even
>>> possible that such work could be brought to the W3C. I would suggest you
>>> contact Browser vendors to pursue this matter further.
>>>
>>>
>>>>
>>>> I propose a radical modification to EME including the controlled
>>>> execution of the CDM. Sandboxing the execution of the CDM code, like the
>>>> SecurityManager class does for Java, will restrict the CDM to just
>>>> decryption. The code can still be secret but not many people would complain.
>>>>
>>>> Sorry for my bad English. I'm sure someone can give a much better
>>>> explanation than I'm able to. I hope we can work on a real solution
>>>> without giving out users' privacy and security.
>>>>
>>>> Cheers
>>>>
>>>
>>>
>>
>

Received on Wednesday, 2 October 2013 18:41:32 UTC