Re: DRM nonsense from Florian Bösch on 2013-02-12 (public-html-media@w3.org from February 2013)

From: Florian Bösch <pyalot@gmail.com>
Date: Tue, 12 Feb 2013 21:22:24 +0100
To: Mark Watson <watsonm@netflix.com>
Cc: "<public-html-media@w3.org>" <public-html-media@w3.org>
Message-ID: <CAOK8ODi6Vx1-nRknsMg8M+jWyd+tBbLbqTwabgoWa-4hvb6LjQ@mail.gmail.com>

On Tue, Feb 12, 2013 at 9:16 PM, Mark Watson <watsonm@netflix.com> wrote:

> In others it could output decoded frames for compositing by the browser.
>
Boom, and the DRM is toast.


This is just incorrect. Why do you assume this ?
>
Because the "standard" describes a containerized system to deliver the
content with the bits about how the DRM works left out completely other
than a handshake about how it can work. Obviously you could implement the
obfuscation fixed in the browser, which is probably a bad idea given that
this will be cracked in 5 minutes flat after release. So since I cannot
imagine browser-vendors being happy to deliver patches in 5-minute
intervals or face being blacklisted by you, you've got to come up with a
way to make a tiny little bit harder. The typical answer is some sort of
generic executable code, run in a "trusted" VM. It's pretty obvious really.

Received on Tuesday, 12 February 2013 20:22:52 UTC