Re: A proposal on EME

Well, at a great extent, browser vendors are gathered here. Don't pretend
this to be a separated matter.

The question is: do you pursue content protection or user control? If the
answer is "content protection" then let's create a "content protection"
standard. So I think this is the right place to discuss about this.


2013/10/2 Glenn Adams <glenn@skynav.com>

>
> On Wed, Oct 2, 2013 at 9:21 AM, Mhyst <mhysterio@gmail.com> wrote:
>
>> Hello,
>>
>> The main problem with EME is that CDM have little or no restrictions at
>> all. That is too much power for the CDM developers and many people won't
>> trust them. We've talked about the security and privacy risks it may
>> convey. I think this is an obstacle in the path to advance EME.
>>
>
> The implementation of the CDM is part of the User Agent (Browser)
> implementation. The W3C generally does not specify how Browsers are
> implemented, and, as far as EME is concerned, the CDM implementation is not
> relevant to EME API semantics.
>
> It may be that in the future some Browser vendors will create a
> specification for a CDM API and its externally visible behavior. It is even
> possible that such work could be brought to the W3C. I would suggest you
> contact Browser vendors to pursue this matter further.
>
>
>>
>> I propose a radical modification to EME including the controlled
>> execution of the CDM. Sandboxing the execution of the CDM code, like
>> SecurityManager class does for Java, will restrict the CDM to just
>> decryption. The code can still be secret but not many people would complain.
>>
>> Sorry for my bad english. I'm sure someone can give much better
>> explanation than I'm able to do. I hope we can work in a real solution
>> without giving out users privacy and security.
>>
>> Cheers
>>
>
>