[Bug 20944] EME should do more to encourage/ensure CDM-level interop

https://www.w3.org/Bugs/Public/show_bug.cgi?id=20944

--- Comment #4 from Robert O'Callahan (Mozilla) <roc@ocallahan.org> ---
Glenn, I think addressing your comments will not help make progress on this
bug, so I'll reply on public-html-media.

(In reply to comment #3)
> Could you explain a little how you would expect to use such information? If
> you created an independent implementation, how would you expect to get the
> secret keys? From the original DRM vendor, or by establishing your own key
> management system?
> 
> Or is the intent just to have concrete information publicly available
> describing exactly what a given commercial CDM does, for the purpose of
> security and privacy review?

That is a good question, thanks. I have a few things in mind:

-- I think it will help interoperation if all parties understand what each CDM
actually does. Even if a CDM cannot be reimplemented from scratch, its behavior
can be understood, bugs can be diagnosed and either worked around or blame
assigned to the correct party for a fix.

-- At some point in the future, if a CDM becomes obsolete, unmaintained, or
otherwise orphaned, the keys can be either disclosed or if necessary obtained
by other means, and then there will be enough information for it to be
reimplemented. This is important to ensure interoperation indefinitely far in
the future (e.g. for archival purposes).

-- Understanding the operation of the CDMs may expose unexpected
interoperability issues that need to be addressed. Right now, since the CDMs
are black boxes, third parties don't know "what questions to ask". This
information could reveal areas where we need to tighten specifications, or it
could reveal actual problems with CDMs that need to be fixed to improve their
interoperability across UAs.

-- The transparency around security and privacy that you mentioned, and in
general public peer review of systems design, is a valuable effect, although
it's not the focus of this bug.

Received on Tuesday, 12 February 2013 08:46:18 UTC