W3C home > Mailing lists > Public > public-html@w3.org > March 2012

Re: Encrypted Media proposal (was RE: ISSUE-179: av_param - Chairs Solicit Alternate Proposals or Counter-Proposals)

From: Charles Pritchard <chuck@jumis.com>
Date: Fri, 02 Mar 2012 19:47:41 -0800
Message-ID: <4F51945D.8010109@jumis.com>
To: Boris Zbarsky <bzbarsky@MIT.EDU>
CC: Mark Watson <watsonm@netflix.com>, "<public-html@w3.org>" <public-html@w3.org>
On 3/2/2012 7:31 PM, Boris Zbarsky wrote:
> On 3/2/12 6:23 PM, Mark Watson wrote:
>>> Yes, but my question is why the customer should need to worry about 
>>> a Netflix badge instead of just being able to buy a TV and watch 
>>> Netflix on it...
>>
>> That's exactly where we would like to get to. Exactly why we made our 
>> proposal.
>
> I think the problem I'm having is it seems like your proposal or 
> something like it is a possible step to get there but not at all 
> sufficient on its own.  And whether it's actually sufficient will 
> depend on the exact policies surrounding CDM deployment...
>
> So we can easily end up with a situation which is no better than now, 
> except now enshrined in a standard.
>
> I realize you don't really have a way to alleviate my concern here.  :(
>

May be helpful, because it has a graph.
http://www.anandtech.com/show/4480/ti-omap4-first-to-be-awarded-netflix-hd-1080p-hd-sri-certification

My concern on this spec will continue to be whether it can be proven 
useful for high security media transfer.

My hypothetical system: someone has plugged an external device into an 
untrusted computer, it receives the video stream, and the low security 
key through that untrusted computer, it has a separate key system, which 
is combined with the low security key and the video stream, and 
magically, my Get Smart video-shoe shows me the classified feed. After 
which, it explodes.

Anyway, I'm not a security expert, but I believe that use case will work 
out with the scheme being proposed. Which is why I'm ok with it. 
Otherwise, the link above provides the other area, where applications 
are theoretically blocked from snooping on the feed, and so I'm free 
from threat of malware catching my stream.

-Charles
Received on Saturday, 3 March 2012 03:47:56 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 9 May 2012 00:17:46 GMT