Re: {minutes} HTML WG media telecon 2013-08-13 - EME status and bugs discussion from Robert O'Callahan on 2013-08-14 (public-html-media@w3.org from August 2013)

From: Robert O'Callahan <robert@ocallahan.org>
Date: Thu, 15 Aug 2013 11:33:23 +1200
To: Joe Steele <steele@adobe.com>
Cc: "public-html-media@w3.org" <public-html-media@w3.org>
Message-ID: <CAOp6jLbYXcramR==kzyiXWSkaf-YXSUVxTywo7eu8FwYAPG4wA@mail.gmail.com>

On Wed, Aug 14, 2013 at 4:11 AM, Joe Steele <steele@adobe.com> wrote:

> johnsim: the issue here goes back to the definition of openness we are
> exploring
> ... seems like it may only be acheivable depending on how you define
> opennesss
> ... if you require the internal functioning of the CDM to be published,
> that is overly intrusive
> ... like to know more about the actual requirements, what problem it solves
> paulc: more compatibility with open source
> johnsim: in the sense that someone could implement the CDM without
> working with the proprietary key system provider
> ... could provide a bogus DRM that would not enforce restrictions - not
> reliable
> markw: that question is exactly what I asked Robert before, he gave a
> detailed answer with information about security and privacy reviews
> ... think it is reasonable to ask, it is up to the DRMs to determine
> whether this would compromise the DRM system
>

Thanks Mark.

The proposal in the bug explicitly does not require publication of all the
information required to reimplement a CDM --- since that obviously wouldn't
fly. The proposal in the bug is to publish all information about the
operation of the CDM except for the values of cryptographic keys. This
matches the "best practices" of modern cryptography, in which the security
of a system depends only on keeping secret keys secret, not on keeping
secret how the system works.

Discussion in the bug answers questions recorded in the minutes --- please
read it.

Rather than have group members speculate about the acceptability of these
requirements to CDM vendors, we should elicit direct public feedback from
CDM vendors on whether they can accept these requirements --- and if not,
why not.

Rob
-- 
Jtehsauts  tshaei dS,o n" Wohfy  Mdaon  yhoaus  eanuttehrotraiitny  eovni
le atrhtohu gthot sf oirng iyvoeu rs ihnesa.r"t sS?o  Whhei csha iids  teoa
stiheer :p atroa lsyazye,d  'mYaonu,r  "sGients  uapr,e  tfaokreg iyvoeunr,
'm aotr  atnod  sgaoy ,h o'mGee.t"  uTph eann dt hwea lmka'n?  gBoutt  uIp
waanndt  wyeonut  thoo mken.o w  *
*

Received on Wednesday, 14 August 2013 23:33:49 UTC