- From: Henri Sivonen <hsivonen@iki.fi>
- Date: Wed, 29 Feb 2012 09:34:26 +0200
- To: Mark Watson <watsonm@netflix.com>
- Cc: Glenn Adams <glenn@skynav.com>, "<john@netpurgatory.com>" <john@netpurgatory.com>, Andreas Kuckartz <A.Kuckartz@ping.de>, "HTML WG (public-html@w3.org)" <public-html@w3.org>, Adrian Bateman <adrianba@microsoft.com>, Maciej Stachowiak <mjs@apple.com>, David Dorwin <ddorwin@google.com>
On Tue, Feb 28, 2012 at 3:55 AM, Mark Watson <watsonm@netflix.com> wrote:
>
> On Feb 26, 2012, at 11:01 PM, Henri Sivonen wrote:
>
> (If you are OK with revealing the unscrambled content
> to the user and only want to hide it from third parties, you just use
> https.)
>
> On this point, specifically, the user, content provider or both may also
> wish to hide the content from third parties whilst it is stored on network
> servers as well as during transport. http services from CDNs are cheaper
> than https services and https brings with it a number of operational
> complexities.

I see. If the CDN is treated as an adversary but the user isn't, there's no need for open-ended vendor-specific CDMs to address this case. Instead, it would make more sense to standardize one general-purpose HTTP payload decryption layer (using a flavor of AES that encrypts every run of n bytes independently so that seeking can work without having to read the stream from the beginning) like Hixie said in the other thread.

A single mechanism that doesn't have secret parts of implementation is superior to pluggable CDMs, because a single non-secret standard mechanism avoids vendor lock-in.

--
Henri Sivonen
hsivonen@iki.fi
http://hsivonen.iki.fi/

Received on Wednesday, 29 February 2012 07:34:54 UTC
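
The seekable decryption layer proposed in the message above, sketched as an added example (not part of the original message or of any specification). It assumes AES-128 in CTR mode as the "flavor of AES", where the keystream for each 16-byte block depends only on the key and the block index; the key, initial counter block, payload and function names are constructed for illustration.

```javascript
const crypto = require('node:crypto');

const BLOCK = 16; // AES block size in bytes

// Constructed sample key and initial counter block (not real secrets).
const KEY = Buffer.from('000102030405060708090a0b0c0d0e0f', 'hex');
const IV = Buffer.from('f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff', 'hex');

// Counter block for a block index: IV + index as a 128-bit big-endian
// integer, wrapping at 2^128 (the same increment rule OpenSSL's CTR uses).
function counterAt(iv, blockIndex) {
  const n = (BigInt('0x' + iv.toString('hex')) + BigInt(blockIndex)) % (1n << 128n);
  return Buffer.from(n.toString(16).padStart(32, '0'), 'hex');
}

// Publisher side: encrypt the whole payload once before handing it to the CDN.
function encryptAll(key, iv, plaintext) {
  const c = crypto.createCipheriv('aes-128-ctr', key, iv);
  return Buffer.concat([c.update(plaintext), c.final()]);
}

// Client side: decrypt an arbitrary byte range (e.g. an HTTP Range response)
// given only that slice of ciphertext and its offset in the stream.
function decryptRange(key, iv, slice, offset) {
  if (!Number.isSafeInteger(offset) || offset < 0) throw new RangeError('bad offset');
  const skip = offset % BLOCK; // bytes into the first block where the slice starts
  const d = crypto.createDecipheriv('aes-128-ctr', key, counterAt(iv, Math.floor(offset / BLOCK)));
  // Feed `skip` dummy bytes so the keystream lines up, then drop their output.
  const padded = Buffer.concat([Buffer.alloc(skip), slice]);
  return Buffer.concat([d.update(padded), d.final()]).subarray(skip);
}

// Constructed payload standing in for a media file.
function samplePayload(len) {
  return Buffer.from(Array.from({ length: len }, (_, i) => (i * 31 + 7) & 0xff));
}

// Seek to byte 37 and decrypt 100 bytes without reading bytes 0..36.
const demoCipher = encryptAll(KEY, IV, samplePayload(1000));
const demoPlain = decryptRange(KEY, IV, demoCipher.subarray(37, 137), 37);
console.log(demoPlain.equals(samplePayload(1000).subarray(37, 137)));
```

CTR mode on its own provides confidentiality only: a storage server that should not be able to alter content undetected would additionally need per-chunk authentication, and a key/counter pair must never be reused for a different payload.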