[Bug 21231] License descriptor attribute

https://www.w3.org/Bugs/Public/show_bug.cgi?id=21231

--- Comment #8 from Fred Andrews <fredandw@live.com> ---
(In reply to comment #6)
> Comparing EME-based solutions with the proposal+secure transport, in cases
> (1) and (2) in the origin report, EME provides the opportunity to protect
> the content key and encoded content, wheresas this proposal+secure transport
> does not.

The proposed scope of the use cases for this bug only includes
those for which: the user is not the threat and could be expected
to cooperate with the content author in protecting the content
and may well have a compelling reason to do so such as when the
content is watermarked; or when an EME/CDM solution does not
effectively protect the decoded digital content from the user
accessing it.

It is not proposed that this handle use cases requiring 
the platform to effectively restrict the users access to
the decoded content.

Obviously the EME/CDM solution could handle all these use
cases, as could any suitable conduit to a black box.  However
there are a large range of use cases that can be handled with
the proposed solution and it is much simpler and could be
well defined and unencumbered.

It would appear possible to define the use cases that are
in scope in a technical and objective manner.  It would be
my hope that doing so would allow this class of use cases
to be addressed in a professional manner by myself and
others.

> There are a number of attacks which are possible based on
> access to the keys and/or encoded content. They are
> therefore not equivalent.

The claim is only that for large classes of use cases
that the proposal+secure transport is equivalent.

Of the class of solutions for which the user can already
technically access the decoded stream, does EME/CDM offer
any more protection than the proposal+secure transport?

-- 
You are receiving this mail because:
You are the QA Contact for the bug.

Received on Monday, 11 March 2013 23:55:31 UTC