Re: CfC: to publish a Encrypted Media Exstensions" hearbeat Working Draft from Mark Watson on 2013-09-24 (public-html-media@w3.org from September 2013)

From: Mark Watson <watsonm@netflix.com>
Date: Tue, 24 Sep 2013 16:17:33 -0700
To: Julio Serrano <mhysterio@gmail.com>
Cc: "public-html-media@w3.org" <public-html-media@w3.org>
Message-ID: <CAEnTvdCYZt+hk3aq0=TgMpwYwnbGs7mso_vPsdK-hmsDdaMEBQ@mail.gmail.com>

On Tue, Sep 24, 2013 at 4:01 PM, Julio Serrano <mhysterio@gmail.com> wrote:

> El 24/09/13 17:30, Mark Watson escribió:
> >
> >
> >
> > On Tue, Sep 24, 2013 at 8:19 AM, Mhyst <mhysterio@gmail.com
> > <mailto:mhysterio@gmail.com>> wrote:
> >
> >     CDM is going to be propietary software and secret... this gives too
> >     much power to the companies
> >     and I think no one can be trusted to have that power over me. And
> >     then, I think CDM should be not
> >     part of any user-agent.
> >
> >
> > That is something you should take up with user-agent vendors and/or
> > factor into your choice of user-agent.
> >
> >
> >
> >     But if user-agent vendors are going to implement CDM inside, there
> >     should be a way of knowing it
> >     as well.
> >
> >
> > I agree. If the UA vendors agree too then I expect they will provide a
> > settings option to enumerate/enable/disable the DRM capabilities of
> > the UA. Again, this is not something that has any impact on the
> > specification work.
>
> Many people doesn't have the knowledge to make a good decision about the
> browser of choice. So... caring about all the people, I consider we
> should make EME as restrictive as posible. If we tell browser vendors
> what is best to do, there will be less chances in the horizon for a "bad
> choice" browser to exist.
>
> I think browsers shouldn't be allowed to contain CDM components inside
> out of the box. Given a person that is never going to watch to EME
> protected content, why should he or she allow a CDM inside his or her
> browser? The bigger the browser the more chances to contain
> vulnerabilities that make browsing less safe, so I think browsers should
> keep close to just browsing.
>

These are reasonable comments. Generally, W3C has left it to browser
implementors to decide when they need to offer choices or warnings to users
(infobars, dialogs etc.), what is enabled by default and what requires
explicit action to enable etc. Nevertheless, if the browser implementors
can all agree, then there is value in following common practices/guidelines
and here would be a good place to get feedback from browser implementors on
what they think is reasonable and to try to convince them to take one
approach or another.

Regarding EME being restrictive, this is in some sense the entire purpose
of EME: to define an API and "CDM-shaped hole" that enables the minimum
functionality required for the protected content use-cases. The contrast to
draw is with the <object> element where the black hole is completely
shapeless. I would just say that if this is your objective, you will likely
have much more success if this work continues here than if it is made to
take place somewhere else.

...Mark

>
> >
> > ...Mark
> >
>
>
>

Received on Tuesday, 24 September 2013 23:18:02 UTC