- From: Joe Steele <steele@adobe.com>
- Date: Tue, 30 Oct 2012 08:20:35 -0700
- To: Steven Robertson <strobe@google.com>
- CC: Mark Watson <watsonm@netflix.com>, "<public-html-media@w3.org>" <public-html-media@w3.org>
- Message-ID: <13601E8A-4600-44AF-AB2C-C4294A9D639B@adobe.com>
Joe Steele steele@adobe.com<mailto:steele@adobe.com> On Oct 23, 2012, at 10:25 AM, Steven Robertson wrote: On Fri, Oct 19, 2012 at 4:08 PM, Joe Steele <steele@adobe.com<mailto:steele@adobe.com>> wrote: On Oct 19, 2012, at 12:45 PM, Mark Watson wrote: If, however, you are proposing that the appData is *opaque to the CDM*, then things might be different. i.e. the appData would be an opaque BLOB that the CDM is supposed to include within the license request message (protected by whatever mechanisms the CDM uses to protect its messages). Is that what you meant ? I'd have to think further about that. [steele] I am not sure I see the distinction here. I can already append opaque data to the initData passed in createSession from the client app. However I would have to include additional logic in the client app to encode the opaque data in a way that key-system wants. With my proposal - any CDM (including ClearKey) can use the information directly or encode it appropriately for the key server without having the encoding logic in the app itself. [strobe] I think the issue is that *every* CDM would have to do so in order for this to be usable, and that mandating such a change would shut out most key systems available today (and thus basically kill the spec). The worst-case scenario is that some combinations of key system / CDM / license format support embedding in a secure way, some support embedding in a non-secure way, and some do not support embedding at all, in which case the app must become uncomfortably aware of the license request format. If this is an optional feature, it could be argued that nobody would have to use it in cases where there were differences in the security levels of various key systems, but I posit that even as an optional feature some authors would come to rely on this behavior, which would then limit interoperability if new key systems became available in the future which did not support secure transmission of appData. My proposal does not require every CDM to actually use the information passed, nor every application to pass the information. It only says that applications can pass this information and CDMs can use it if available. I am more than happy to stipulate that if an application does not pass information in this fashion, the CDM is not allowed to fail because of it. I am further saying that interoperability is already limited by the fact that some key systems transmit appData in this fashion and it is not allowed by this spec. We don't have to speculate about whether this will become a problem - it is a problem right now for my key system. Joe Steve
Received on Tuesday, 30 October 2012 15:21:05 UTC