[encrypted-media] EME should support continuous key rotation per MPEG Common Encryption (ISO/IEC 23001-7 from jdsmith3000 via GitHub on 2015-12-01 (public-html-media@w3.org from December 2015)

From: jdsmith3000 via GitHub <sysbot+gh@w3.org>
Date: Tue, 01 Dec 2015 18:21:07 +0000
To: public-html-media@w3.org
Message-ID: <issues.opened-119777258-1448994067-sysbot+gh@w3.org>

jdsmith3000 has just created a new issue for 
https://github.com/w3c/encrypted-media:

== EME should support continuous key rotation per MPEG Common 
Encryption (ISO/IEC 23001-7 ==
The MPEG Common Encryption spec was specifically created to define “… 
standard encryption and key mapping methods that can be utilized to 
enable decryption of the same file using different Digital Rights 
Management (DRM) and key management systems”.  For key rotation, the 
23001-7 protection system specific header box (‘pssh’) is expressly 
allowed to be in the movie fragment (‘moof’) box, enabling policy and 
key rotation scenarios, and “… MAY include data such as the URL of 
license server(s) or rights issuer(s) used, embedded licenses/rights, 
embedded keys(s), and/or other protection system specific metadata.” 
(23001-7, 8.1.1).  Keys distributed in the movie fragment are allowed 
so that they can be directly used by the client to decrypt and play 
content.  Cable and cellular networks need this key rotation ability 
to enforce re-authorization over multicast/broadcast. Millions of 
synchronized unicast license requests for multicast live broadcasts is
 inefficient and unnecessary. This is a primary reason why the ‘pssh’ 
box can be included in the movie fragment box.

EME currently doesn’t allow this rotation because it prohibits 
providing Initialization Data (‘pssh’ box) to the CDM except to 
generate a license request.  To support DRM-interoperability provided 
by 23001-7, EME must allow for initialization data to be provided to 
the CDM without generating a new session or performing a license 
acquisition, it must allow the CDM to derive a key from a ‘pssh’ box 
without requiring a key request message, and it must permit the ‘pssh’
 box to contain a key.

This issue relates somewhat to #41 and #53, but recommends a specific 
use case we believe should be supported by the EME spec.

Please view or discuss this issue at 
https://github.com/w3c/encrypted-media/issues/132 using your GitHub 
account

Received on Tuesday, 1 December 2015 18:21:10 UTC