Re: Is EME usable regardless of the software/hardware I use ? from piranna@gmail.com on 2013-06-10 (public-restrictedmedia@w3.org from June 2013)

From: <piranna@gmail.com>
Date: Mon, 10 Jun 2013 23:08:48 +0200
To: Mark Watson <watsonm@netflix.com>
Cc: public-restrictedmedia@w3.org
Message-ID: <CAKfGGh0=6SqQHwf3J0RwtV=ZNC5SC=aE92enJunBJHTeAhmQ_w@mail.gmail.com>

> The intent of EME is not to create an arbitrary plugin API for "binary
blobs controlled by Hollywood". It is for User Agents to integrate with
specific CDMs of their choice, the properties and functionality of which
they know such that they can vouch for their functionality to their users.
Or, if the CDM vendors refuse to provide such information to UA
implementors the UA can highlight this lack of knowledge to the user or
refuse to integrate with the CDM.
>
So, implicitly, you are saying that this CDMs will not be available to open
source browsers because developers will not want to sign NDAs incompatibles
with their licenses requiring full access to all the source code by
everybody, and CDMs verdors will have the perfect excuse to don't release
them because they "can't do it" argumenting intellectual property over
their code, patents, commercial secrets, security issues...

> I would expect UAs to pay special attention to the APIs that CDMs have
access to: whether they have "side-channel" network access, disk access etc.
>
I expect everybody has a price, specially multi-billion corporates:
exclusive contracts, interchange of users data, etc.

> To Nikos point, yes, you are right, it is not the same kind of trust in
the UA that comes from studying the source code, but that does not meet it
is devoid of value to have the UA implementor - who has different
incentives from the CDM vendor or content provider - in the loop. It is
entirely possible that the UA implementor has seen the CDM source code and
makes their representations to their users on that basis.
>
So, if I want to develop a browser from scratch (a difficult task, but I
have the skills to do it), would I have access to the CDM source code as an
individual, or since I'm "only one guy" the best alternative I would have
is to trust on a guy from Mozilla (or whatever) that nobody warrant me he
didn't receive an envelope with money and inject its "certificated" binary
blob on my browser code? Honestly, I find this not only it fix anything
about the actual situation with Flash or Acrobat but also it's way worst
from a trust and transparency point of view...

Received on Monday, 10 June 2013 21:09:15 UTC