W3C home > Mailing lists > Public > public-html-media@w3.org > May 2015

[EME] Secure release & segmentation (was: Secure release and persistence)

From: David Dorwin <ddorwin@google.com>
Date: Wed, 6 May 2015 16:38:44 -0700
Message-ID: <CAHD2rsiaakKRKR5s=bD3i-Zr4rXkOJiXNvTtPWQpVkPBHAhDvg@mail.gmail.com>
To: "Jerry Smith (WINDOWS)" <jdsmith@microsoft.com>
Cc: Mark Watson <watsonm@netflix.com>, "public-html-media@w3.org" <public-html-media@w3.org>
On Thu, Apr 30, 2015 at 2:59 PM, Jerry Smith (WINDOWS) <
jdsmith@microsoft.com> wrote:

There still appears to be significant concern about the feature maintaining
> its optional status.  I’d be interested in others comments on this.  My own
> take is that the non-real time aspect of the feature make it poorly suited
> to binding features to its presence.
>

If I understand Jerry’s take correctly, he thinks that secure release
without real-time enforcement is not meaningful enough to bind features
(and thus segment) based on it. There’s only one content provider that can
provide real world insight on this issue:

Mark, does Netflix require clients to implement secure release in order to
receive content or certain qualities of content?


> I’ve previously said that having it supported on a subset of UAs can still
> add value, with no feature binding involved.  Broad UA support is
> preferable, but doesn’t seem a requirement for the feature to be justified.
>

Can you explain why secure release can still add value (without feature
binding) if only a subset of UAs support it? If this is the only (reliable)
mechanism a content provider supports for detecting/preventing concurrent
license attacks, attackers would just use the other UAs. Thus, it would
seem that without feature binding, this feature is only useful if all UAs
support it or the content provider only provides content to UAs that
support it. Am I missing something?


>
>
> Jerry
>
>
>
Received on Wednesday, 6 May 2015 23:39:31 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 6 May 2015 23:39:32 UTC