- From: Casey Callaghan <caseyc37@gmail.com>
- Date: Fri, 10 May 2013 12:07:02 +0200
- To: public-html-admin@w3.org
- Message-ID: <CAHoGenMomn90=iC0zfBRNb=J+NGGTi09T3ZR0DDf-qq5kyL9FA@mail.gmail.com>
Having a look over the documentation on EME (encrypted media extensions), I find the following:

> The user should not be restricted from accessing content for which legal rights have been obtained.

(source: https://dvcs.w3.org/hg/webtv/raw-file/tip/mpreq/cpreq.html)

I also find the following statement in the First Working Public Draft ( https://dvcs.w3.org/hg/html-media/raw-file/tip/encrypted-media/encrypted-media-fpwd.html ):

> Support simple decryption without the need for DRM servers, etc.

This is a necessary corollary of the previously quoted statement; if servers are needed to view legally purchased content (even if only to obtain decryption keys), then the legally purchased content will be unavailable if and while said servers are down.

However, as soon as secure decryption is discussed, I find that a DRM server begins to form a vital part of the process. I have no doubt that many content providers will accept only the most secure decryption methods for their content; this leads to well-known problems should the content provider's servers ever go offline.

This can be mitigated, to some degree, with multiply redundant servers or cloud computing. However, these solutions may be expensive and are unlikely to be kept running when it would be unprofitable to do so (for example, when the sales of a given piece of media have ended; possibly after an interval after that ending). This could also be impractical for smaller content providers, without large budgets.

Therefore, in order to resolve this, I would like to propose for consideration the following idea (based on the serverless encryption scheme for Bitcoin):

- that, when a user purchases legal access to a given piece of media, a message (signed with the content provider's private key) must be sent to all clients informing them of this purchase;
- that all clients may (and are indeed encouraged to) keep a record of all such messages from all providers;
- that any client, in possession of both the signed message from the content provider (verified by means of the content provider's public key) giving a given user legal permission to view certain media, and the data required to decrypt that media (either the CDM or the key obtained from the same content provider), may provide either the CDM, or the key, or both to the user on authorised request.
- that any client which does so must inform the content provider's server and all other clients of such access, if the key is limited in any way.

In this way, a DRM server going offline does not prevent a user from viewing content to which they purchased a valid license before the server went offline. This appears to be a necessary consequence of the stated aims of this standard.

Casey
Received on Friday, 10 May 2013 13:19:57 UTC
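
The core check in the proposal above, as an added example that is not part of the original message or of any EME implementation: a provider signs a purchase receipt, and a peer client verifies it offline with the provider's public key before releasing a stored content key. The Receipt fields, the Peer type and the choice of Ed25519 are assumptions, and the requesting user is assumed to be authenticated already.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
)

// Receipt is a hypothetical purchase message; SignedReceipt keeps the exact signed bytes.
type Receipt struct{ User, Media string }
type SignedReceipt struct{ Body, Sig []byte }

var ErrBadSig = errors.New("receipt not signed by this provider")
var ErrNoMatch = errors.New("receipt does not cover this request, or key not held")

// Issue is the provider side: sign the purchase so any client can verify it later.
func Issue(priv ed25519.PrivateKey, r Receipt) SignedReceipt {
	body, _ := json.Marshal(r) // a struct of two strings cannot fail to marshal
	return SignedReceipt{Body: body, Sig: ed25519.Sign(priv, body)}
}

// Peer is a client holding the provider's public key and some content keys.
type Peer struct {
	ProviderPub ed25519.PublicKey
	Keys        map[string][]byte // media id -> content key (constructed sample data)
}

// Release hands out a key only for a verified receipt that matches the request.
// Assumption: the requesting user's identity was authenticated beforehand.
func (p Peer) Release(sr SignedReceipt, user, media string) ([]byte, error) {
	// Verify before parsing, so unauthenticated bytes are never interpreted.
	if !ed25519.Verify(p.ProviderPub, sr.Body, sr.Sig) {
		return nil, ErrBadSig
	}
	var r Receipt
	key, held := p.Keys[media]
	if json.Unmarshal(sr.Body, &r) != nil || r.User != user || r.Media != media || !held {
		return nil, ErrNoMatch
	}
	return key, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	sr := Issue(priv, Receipt{User: "alice", Media: "film-42"})
	peer := Peer{ProviderPub: pub, Keys: map[string][]byte{"film-42": []byte("constructed-key")}}
	key, err := peer.Release(sr, "alice", "film-42")
	fmt.Println(string(key), err)
}
```

The provider's private key is needed only when the receipt is issued; every later check uses the public key alone, so no provider server has to be reachable at playback time.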