Re: Trust

On Thu, Oct 17, 2013 at 1:44 PM, cobaco <cobaco@freemen.be> wrote:

> On 2013-10-16 12:08 you wrote:
> > On Sun, Oct 13, 2013 at 7:05 AM, cobaco <cobaco@freemen.be> wrote:
> > > On 2013-10-12 09:27 Mark Watson wrote:
>
> > We're considering a user of a proprietary operating system who today is
> > watching content using Microsoft Silverlight.
>
> Starting with the precondition of a proprietary system is just not
> acceptable.
>
> Users of the web very much include those on systems like CyanogenMod, Debian
> (and its many offshoots), and other Free OSes.
>
> Those users *need* to be part of the considerations; simply dismissing them
> out of hand is just not on.
>

My statement was simply a statement about users of proprietary operating
systems, because those were the users we were discussing. Making a
statement about one group of users doesn't say anything about whether it's
important or not to consider another group of users. I address other users
below.


>
> The web is an amazingly diverse place, device- and operating-system-wise; we
> want to keep it that way.
> W3C in fact explicitly states 'web on everything' as a design principle [1];
> 'on everything' includes on free software OSes.
>
> Implementability and interoperability without permission is *the* key
> property of the web that makes that diversity possible.
>
> EME+CDM violates that property and thus is in conflict with W3C design
> principles.
>
> As you've pointed out repeatedly, the traditional movie industry demands
> walled gardens, and is consequently going to go the DRM route even without
> W3C.
>
> However, a walled garden -by definition- is something that's not for
> everyone, which means any walled garden conflicts with the stated design
> principles of the W3C [1].
>
> W3C should not be helping the creation of walled gardens (or the tool to
> build those gardens), as that is in factual opposition to the 'web on
> everything' design principle.
> EME is a tool to create walled gardens; as such W3C cannot pass EME without
> being seen to violate its principles.
> Massive loss of trust in W3C and W3C standards will be the result of going
> that route.
>

I think proposals should be evaluated on the basis of whether they bring
you closer to your goals or take you further away.

As I've repeatedly explained, free software users and some content owners
have, through their individual decisions and principles, forever alienated
themselves from each other. They cannot meet, because their respective
requirements are logically incompatible. Insisting that we bridge this
divide is insisting on something impossible.


>
> > We have three models that have been mooted for the CDM:
> > (a) a purely software CDM running in user space
>
> If the object is to stop copying (as is the claim of DRM-proponents),
>

No, I don't think anyone has ever claimed that DRM stops all copying all
the time.


> then this approach is something that simply cannot possibly work:
>
> In order to have any hope at all of being 'robust', DRM *needs* to be able
> to check what the OS does on a low level, and it *needs* to be able to
> override the OS.
> That simply cannot be done completely in user space (at least not without
> becoming outright malware).
>

Well, Silverlight seems to be an empirical example which refutes this
assertion. The fact is that content protection of a robustness acceptable
to most content providers can be, and is, achieved in software in user space.


>
> > For (a) the footprint / attack surface of the CDM is clearly much smaller
> > than that of Silverlight.
> > We do not yet know what additional controls the UA may be able to place on
> > the functions of such a CDM, but certainly they will be no worse than the
> > situation with Silverlight today and could be better.
>
> No it isn't:
> in both cases you're pulling in a userspace black box,
> in both cases that black box is written in a Turing-complete language,
> so... in both cases the potential for abuse is equally big.
>

I'm not familiar with the techniques that exist to constrain what a given
piece of opaque code can/can't do on a system. Of course you cannot
constrain the calculations it might perform internally, but there can be
ways to constrain its access to the system and its input and output. There
certainly are some such techniques today and they could get better in
future.

My point was just that by its nature as a complete presentation
environment, Silverlight needs a lot more system access than a CDM does to
perform its intended function. So, in principle the system access and I/O
of a CDM could be much more constrained than that of Silverlight.


>
> > (b) a CDM built into the operating system (which may or may not be running
> > in user space)
>
> > For (b) remember that the whole operating system is an opaque component. I
> > don't see any reason to consider the CDM drop as any different from the OS
> > ocean.
>
> your OS may be an opaque component... mine isn't,
> and that's true for an increasing number of users.
>

Of course, I know this. As noted above, my whole statement here was only
about the case of users of proprietary systems. I address other users
below.


>
> now, if the industry was willing to document and make transparent those
> CDMs, then (and only then) it can be implemented everywhere, thus meeting
> the W3C design principles.
>
> > (c) a CDM running in a Trusted Execution Environment somewhere in the
> > system
>
> > In the case that the OS is not from Microsoft, the user has moved from
> > having opaque software provided by a vendor of the content provider's
> > choice (Silverlight provided by Microsoft) to only having opaque
> > components provided by a vendor of their own choice - which is surely an
> > improvement.
>
> The security maxim goes 'trust but verify'.
>
> Opaque blobs make that impossible; that's a fundamental problem of any
> black box approach.
>
> An opaque block of code, especially at the OS level, could be doing
> literally anything, with you none the wiser.
>
> In a post-Snowden and increasingly authoritarian world there is not a
> single company I trust with that kind of power on my machines.


That's entirely up to you. I don't understand how your comments above
relate to my comment, though.


> > For (c) the whole point of a TEE is to be secure. The API surface of a TEE
> > is highly constrained to this end. IIUC, the TEE is a totally separate
> > environment from the main OS with its own kernel and limited communication
> > between the TEE and the rest of the system. I'm not really an expert in
> > this option, but it seems to me there is plenty of scope for constraining a
> > TEE-bound CDM to doing only and exactly what it is supposed to do.
>
> I take it that by TEE you're talking about hardware-enforced cryptographic
> code signing, a la UEFI?
>

I'm not really an expert, as I said, so I'm not referring to any specific
technique but just to the concept of an execution environment which is
trusted by a third party.


>
> In which case the question is, who controls the keys for a given machine?
>
> That *should* be the user (as it's his machine)... in which case TEE adds
> absolutely nothing from an anti-copying perspective.
>
> If it's not the user controlling the keys, then in a very real sense it's
> not actually the user's machine... In which case whoever controls the keys
> had better be paying for the machine and its upkeep, cause I (for one) sure
> won't.
>

Again, that's fine, but not really relevant.


>
> > > > For the second group, since they cannot access any protected content
> > > > today,
>
> > > cannot *legally* access protected content (and even that much is untrue
> > > in parts of the world like the Netherlands where downloading itself is
> > > perfectly legal)
> > >
> > > a fact that makes for a different picture altogether
>
> > I wonder if we should just take it as a baseline that what we're
> > discussing here is ways to access content that do not involve piracy.
>
> piracy is a part of the internet landscape
> piracy is here to stay
>
> the industry can't just say:
> "let's pretend it doesn't exist and start from there"
> (well, not and be taken seriously in any case)
>

That's not what I said.

We should be trying here to provide people with legitimate ways to access
content. If I can take a group of users who have no such option today and
then provide it, great. If I can take a group of users who have a
legitimate option today and improve that option, also great. If there is a
group who have no legitimate access today and I can do nothing for them,
not great, just a noop. I don't see how the existence of piracy affects
this consideration.


> so no, we can't take that as a baseline
>
> > Our objective should be to provide users with such options. Arguing that we
> > don't need to solve this problem because users can always resort to
> > supporting piracy doesn't help those users who would prefer not to do that.
>
> if the industry wants piracy to go away, then they'll need to provide
> options that are better than piracy
>

Exactly what I am trying to do. At least we agree on something ;-)


>
> Non-breakable DRM is incompatible with general purpose computers; that to me
> makes DRM a worse option by far than piracy (that DRM is also incredibly
> annoying doesn't help that one bit)
>

That's fine for you. No one is forcing you to use DRM. Others feel
differently, evidently.


>
> Happily there's plenty of other stuff out there. Production of content has
> literally grown exponentially the last decade, and that growth shows no signs
> of stopping (cause being that the general purpose computer combined with the
> internet has drastically lowered barriers to entry)
>
> If there wasn't enough non-DRM quality entertainment out there (there is),
> and my choice actually was piracy or DRM (it isn't)
> ...
> then I'd choose piracy each and every time, and so would an awful lot of
> people.
>

There is some evidence to the contrary, for example see [2].


>
> Something being illegal has never stopped people from getting any particular
> good and never will.
> That's especially true for digital piracy where the entrance to the black
> market is so very very easy (certainly compared to any other black market)
>
> [1] http://www.w3.org/Consortium/mission#principles
> --
> Cheers
>

[2] http://www.techspot.com/news/48770-us-bittorrent-traffic-decline-credited-to-legal-alternatives.html
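The point Mark makes in the (a) exchange above, that a user-space black box cannot be stopped from computing whatever it likes internally but can be fenced off from the rest of the system, is shown below as an added example. It is not code from this thread, from Silverlight, or from any CDM. A child process stands in for the opaque component and is confined with a Linux seccomp-BPF allow-list that admits only read/write on file descriptors it was already handed, memory management and exit; the allow-list, the three workloads and the file and socket they probe are assumptions chosen for illustration. The example assumes Linux on x86_64 or aarch64 with seccomp filter support.

```c
/* Added example (not code from the thread or from any CDM vendor): confining
 * an opaque user-space component with a Linux seccomp-BPF syscall allow-list.
 * The child process stands in for the black box; the allow-list and the
 * workloads are illustrative assumptions. Linux only (x86_64 or aarch64). */
#define _GNU_SOURCE
#include <fcntl.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <signal.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#if defined(__x86_64__)
#define SECCOMP_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define SECCOMP_ARCH AUDIT_ARCH_AARCH64
#else
#error "add the AUDIT_ARCH_* value for this architecture"
#endif
#ifndef SECCOMP_RET_KILL_PROCESS            /* pre-4.14 kernel headers */
#define SECCOMP_RET_KILL_PROCESS SECCOMP_RET_KILL
#endif

/* What a decode loop legitimately needs: I/O on fds it was handed, memory, exit.
 * No open/openat, no socket, no execve: the blob cannot reach disk or network. */
static const long allowed_syscalls[] = {
    SYS_read, SYS_write, SYS_brk, SYS_mmap, SYS_munmap,
    SYS_exit, SYS_exit_group, SYS_rt_sigreturn,
};
#define N_ALLOWED (sizeof allowed_syscalls / sizeof allowed_syscalls[0])

/* Build and install the allow-list filter in the calling process. 0 on success. */
static int install_filter(void) {
    struct sock_filter prog[4 + N_ALLOWED + 2];
    size_t k = 0;
    /* Reject foreign-ABI syscalls first: numbers differ between architectures. */
    prog[k++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch));
    prog[k++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SECCOMP_ARCH, 1, 0);
    prog[k++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS);
    prog[k++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr));
    /* A hit jumps over the remaining compares and the default-kill to ALLOW. */
    for (size_t i = 0; i < N_ALLOWED; i++)
        prog[k++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K,
                        (uint32_t)allowed_syscalls[i], (uint8_t)(N_ALLOWED - i), 0);
    prog[k++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS);
    prog[k++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW);
    struct sock_fprog fprog = { .len = (unsigned short)k, .filter = prog };
    /* NO_NEW_PRIVS stops the confined code escaping via setuid binaries. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog) == 0 ? 0 : -1;
}

enum outcome { OUTCOME_OK = 0, OUTCOME_KILLED_SIGSYS = 1, OUTCOME_OTHER = 2 };

/* Run fn as the confined black box in a child and report how it ended. */
static enum outcome run_confined(void (*fn)(void)) {
    pid_t pid = fork();
    if (pid < 0) return OUTCOME_OTHER;
    if (pid == 0) {
        if (install_filter() != 0) _exit(99);
        fn();
        _exit(0);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) != pid) return OUTCOME_OTHER;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 0) return OUTCOME_OK;
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGSYS) return OUTCOME_KILLED_SIGSYS;
    return OUTCOME_OTHER;
}

/* The "CDM": pure computation over a stack buffer, output only on an fd it was
 * handed. Uses raw write(2), not stdio, so no unexpected syscalls sneak in. */
static void well_behaved(void) {
    char buf[64];
    unsigned sum = 0;
    for (int i = 0; i < 64; i++) { buf[i] = (char)i; sum += (unsigned)buf[i]; }
    static const char msg[] = "decoded ok\n";
    (void)!write(STDOUT_FILENO, msg, sizeof msg - 1);
    if (sum != 2016) _exit(1);              /* 0+1+...+63 */
}

/* The same black box reaching for the filesystem (assumed path). */
static void misbehaving_open(void) {
    int fd = open("/etc/passwd", O_RDONLY);    /* open/openat not allowed: SIGSYS */
    if (fd >= 0) close(fd);
    _exit(2);                                  /* only reached if the filter failed */
}

/* ...and for the network. */
static void misbehaving_socket(void) {
    int s = socket(AF_INET, SOCK_STREAM, 0);   /* socket not allowed: SIGSYS */
    if (s >= 0) close(s);
    _exit(3);
}

int main(void) {
    static const char *names[] = { "exited 0", "killed by SIGSYS", "other" };
    printf("well_behaved:      %s\n", names[run_confined(well_behaved)]);
    printf("misbehaving_open:  %s\n", names[run_confined(misbehaving_open)]);
    printf("misbehaving_socket:%s\n", names[run_confined(misbehaving_socket)]);
    return 0;
}
```

Two caveats a practitioner would add. The filter bounds what the component can ask the kernel for, not what it computes or what it already holds in memory, which is exactly the distinction drawn in the reply; a real deployment also has to decide which file descriptors the confined process is handed in the first place. And this is the user-space model (a) only; it says nothing about model (b), where the CDM is part of the OS, or model (c), where the question of who holds the TEE's keys is the one raised in the thread.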

Received on Thursday, 17 October 2013 21:44:18 UTC