- From: Mark Watson <watsonm@netflix.com>
- Date: Wed, 2 Oct 2013 09:12:04 -0700
- To: Mhyst <mhysterio@gmail.com>
- Cc: Glenn Adams <glenn@skynav.com>, "public-html-media@w3.org" <public-html-media@w3.org>
- Message-ID: <CAEnTvdAD2-1D127wsOMkpL9fDJ+ukRqT0LmGG8W7Uc3OBPm=RQ@mail.gmail.com>
I'm sure browser implementors are considering whether what you propose is
technically feasible, that is, whether the CDM needs to perform any functions
that would be incompatible with sandboxing. Sandboxing certainly brings privacy
and security advantages. In some cases it may be feasible and in others not. It
may depend on the nature of the sandboxing capabilities that are available on
each Operating System. However, in some cases, for example where the CDM makes
use of DRM capabilities built into the Operating System, it might not be
feasible.

The thing about a W3C specification, though, is that it can only specify an API
surface. And what really defines compliance to a specification is the test
suite. How would you write a test for whether the CDM is sandboxed?

...Mark

On Wed, Oct 2, 2013 at 8:43 AM, Mhyst <mhysterio@gmail.com> wrote:

> Well, to a great extent, browser vendors are gathered here. Don't pretend
> this to be a separate matter.
>
> The question is: do you pursue content protection or user control? If the
> answer is "content protection" then let's create a "content protection"
> standard. So I think this is the right place to discuss this.
>
>
> 2013/10/2 Glenn Adams <glenn@skynav.com>
>
>> On Wed, Oct 2, 2013 at 9:21 AM, Mhyst <mhysterio@gmail.com> wrote:
>>
>>> Hello,
>>>
>>> The main problem with EME is that CDMs have little or no restrictions at
>>> all. That is too much power for the CDM developers and many people won't
>>> trust them. We've talked about the security and privacy risks it may
>>> convey. I think this is an obstacle in the path to advance EME.
>>>
>>
>> The implementation of the CDM is part of the User Agent (Browser)
>> implementation. The W3C generally does not specify how Browsers are
>> implemented, and, as far as EME is concerned, the CDM implementation is not
>> relevant to EME API semantics.
>>
>> It may be that in the future some Browser vendors will create a
>> specification for a CDM API and its externally visible behavior. It is even
>> possible that such work could be brought to the W3C. I would suggest you
>> contact Browser vendors to pursue this matter further.
>>
>>
>>>
>>> I propose a radical modification to EME including the controlled
>>> execution of the CDM. Sandboxing the execution of the CDM code, like the
>>> SecurityManager class does for Java, will restrict the CDM to just
>>> decryption. The code can still be secret but not many people would complain.
>>>
>>> Sorry for my bad English. I'm sure someone can give a much better
>>> explanation than I'm able to. I hope we can work on a real solution
>>> without giving up users' privacy and security.
>>>
>>> Cheers
>>>
>>
>>
>
Received on Wednesday, 2 October 2013 16:12:38 UTC