- From: <bugzilla@jessica.w3.org>
- Date: Mon, 25 Feb 2013 03:21:00 +0000
- To: public-html-bugzilla@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=21104 Bug ID: 21104 Summary: Distinguish between CDMs that allow the users to have digital access to the decrypted or decoded data versus those that do not. Classification: Unclassified Product: HTML WG Version: unspecified Hardware: PC OS: Windows NT Status: NEW Severity: normal Priority: P2 Component: Encrypted Media Extensions Assignee: adrianba@microsoft.com Reporter: fredandw@live.com QA Contact: public-html-bugzilla@w3.org CC: mike@w3.org, public-html-media@w3.org A common technical issue that needs clarification and definition is to distinguish between CDMs that allow the user to have digital access to the decrypted or decoded data versus those that do not. This is needed to support discussion of a range of open bugs such as: assessing the scope of the uses cases to open source web browsers and open source operating systems, and for assessing the security and privacy implications, etc. For example, text that addresses the privacy implications will need to separately discuss these distinct CDMs. I suggest adopting the following definitions to aid communication: 1.2.1. Content Decryption Module (CDM) This section is non-normative. The Content Decryption Module (CDM) is a generic term for a software or hardware module that decrypts and/or decodes data. A CDM can be classified into either a SCDM or DRM-CDM defined below. The implementation of the CDM is transparent to the API and application and a user agent may expose one or more CDMs to the API. The interface between the CDM is explicitly not defined here, and a user agent update may be required to support new CDMs, but the goal is to avoid the web app. needing to be changed. 1.2.2 SCDM - Secure Content Decryption Module This section is non-normative. The Secure Content Decryption Module (SCDM) is a generic term for a CDM for which the user is technically able to access the digital decrypted output of the CDM on user implemented web browsers and/or on user implemented operating systems including open source implementations. The SCDM will typically offer transport level security to prevent copying of the content by a third party while in transit to the users computer, but a SCDM also includes the degenerate case of a CDM that has weak or no end to end encryption. The set of SCDMs is disjoint from the set of DRM-CDMs defined below. It would be expected that a SCDM could become an open standard and could be implemented in an open source web browser and/or on an open source operating syste. A SCDM running in a proprietary stack does not make the SCDM a DRM-CDM - it is the possibility that the user could use the SCDM on their own stack. A DRM-CDM being used without license on a user implemented stack that bypasses restrictions does not qualify the CDM to be defined as a SCDM. 1.2.3 DRM-CDM - a Digital Rights Management Content Decryption Module This section is non-normative. The Digital Rights Management Content Decryption Module (DRM-CDM) is a generic term for a CDM for which the user is technically restricted from accessing the digital decrypted output of the CDM. For example, this could be done by the DRM-CDM author conspiring with a proprietary operating system vendor to limit the users access to the decrypted output, or it could be done by implementing the DRM-CDM in proprietary hardware that restricts user access. By definition a user implemented (including open source) web browser could not implement an integrated DRM-CDM as the user could technically access the decrypted output. By definition a user implemented operating system (including open source) could not host a DRM-CDM as the user could technically access the decrypted output. A DRM-CDM would be expected to be licensed to proprietary operating system vendors under restrictive terms, and the DRM-CDM would be expected to use patented technology. By definition the set of DRM-CDMs is disjoint from the set of SCDMs. A SCDM running on a restricted proprietary stack does not make the SCDM a DRM-CDM, as the user would have the option to simply switch to an more open platform. -- You are receiving this mail because: You are the QA Contact for the bug.
Received on Monday, 25 February 2013 03:21:02 UTC