Re: Media Stack: closed source only Re: Encrypted Media proposal (was RE: ISSUE-179: av_param - Chairs Solicit Alternate Proposals or Counter-Proposals)

On Feb 28, 2012, at 12:17 PM, Andreas Kuckartz wrote:

I have had a closer look at the proposal.

The component labeled "Media Stack" has access to the decrypted frames.
If I understand it correctly then to "protect" the content from users
implies that this component can not be Open Source without defeating the
stated purpose.

Correct?

Not quite, but with apologies that this is not clear in the document. Please see http://lists.w3.org/Archives/Public/public-html/2012Feb/0432.html


These sentences in the proposal are also interesting in this context:

"Protecting the content key would require that the browser's media stack
have some secret that cannot easily be obtained. This is the type of
thing DRM solutions provide. Establishing a standard mechanism to
support this is beyond the scope of HTML5 standards and should be
deferred to specific user agent solutions. In addition, it is not
something that fully open source browsers could natively support."

So the plan with the Encrypted Media proposal is to create the
foundation for "specific user agent solutions" which "open source
browsers" can not "natively support."

Correct? Or do I misunderstand anything?

What is said above is that fully open source browsers might not be able to support DRM within the browser itself, but they could certainly make use of CDMs.

IANAL, but my understanding is that 'free software' as defined in GPLv3 is expressly prohibited by that license from supporting things like DRM - where the user cannot easily make arbitrary modifications to the code and retain all the original functionality. So it depends a little what you mean by 'open source'.


This question and answer could not be clearer:

"Can a user agent protect the rendering path or protect the uncompressed
content after decoding?
Yes, a user agent could use platform-specific capabilities to protect
the rendering path."

I would like to see an example of a content provider who cares about
"content protection" so much that he demands using a "Content Decryption
Module" but does not demand such "platform-specific capabilities to
protect the rendering path".

The requirements of content providers vary by provider, by content and by device (and probably on other axes too). You should not expect to see an enumeration of them in this discussion: that's one of the reasons for the CDM concept.

There certainly exist DRM solutions that are entirely software, not relying on any special platform or hardware capabilities. I would assume that those are less secure than hardware-based solutions, though I am not expert enough on the details to say definitively and it probably depends how you measure "secure".


Cheers,
Andreas

Received on Tuesday, 28 February 2012 21:12:58 UTC