W3C home > Mailing lists > Public > public-html@w3.org > March 2012

Re: Encrypted Media proposal (was RE: ISSUE-179: av_param - Chairs Solicit Alternate Proposals or Counter-Proposals)

From: Christian Kaiser <kaiserc@google.com>
Date: Tue, 6 Mar 2012 08:34:06 -0800
Message-ID: <CACinLHVy5mmhT+bqEWbyg+igL4uJruH5BSaMTRkG18W_zvLtBw@mail.gmail.com>
To: Kornel Lesiński <kornel@geekhood.net>
Cc: "public-html@w3.org" <public-html@w3.org>
On Tue, Mar 6, 2012 at 02:01, Kornel Lesiński <kornel@geekhood.net> wrote:

> On Tue, 06 Mar 2012 06:11:01 -0000, Christian Kaiser <kaiserc@google.com>
> wrote:
>
>  For the record, YouTube is interested in ClearKey. It's obviously subject
>> to negotiations and business decisions that are yet to happen, but
>> ClearKey may provide enough robustness for *some* use cases.
>> YouTube is also interested in other "shades of gray" between ClearKey and
>> commercial CDMs in terms of maximum robustness, so that more use cases
>> can be covered. It would be interesting to explore how robust an open
>> source,
>> royalty-free CDM can be.
>>
>> It seems like a good idea to create a "playground" that enables these
>> kinds of explorations. The proposal at hand does that. I hope we'll see it
>> in
>> action one day.
>>
>
> That is good news!
>
> In terms of clearkey, is http+aes scheme a satisfactory solution?
>

As far as I can tell, ClearKey and http+aes are equivalent in maximum
robustness. The framework that ClearKey is intended to be plugged into is
highly desirable, though, because it enables other CDMs, too. Therefore,
ClearKey seems the better solution.


> By the "shades of gray" solutions, do you mean other uses of ClearKey
> (such as combining it with JS-based key obfuscation) or non-clearkey CDMs?


ClearKey is relatively low on the scale of maximum robustness since the key
is exposed to JS. Therefore, the actual robustness of its implementations
will likely not be high enough for many use cases. However, it is
royalty-free AFAIK (disclaimer: IANAL) and can definitely be implemented in
open source.

Commercial CDMs use a number of techniques to achieve higher maximum
robustness, e.g. not exposing the key to outside the CDM, being renewable
etc.
As far as I know, existing commercial CDMs are not implemented in open
source and are not royalty-free.

It would be interesting to see whether it is possible to create a CDM that
can still be implemented in open source and is royalty-free, but *more*
robust than ClearKey, and therefore applicable in more use cases.

The proposal at hand creates an environment in which this type of
innovation is possible. I would therefore like to see it in action.

Christian
Received on Tuesday, 6 March 2012 16:34:38 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 9 May 2012 00:17:46 GMT