W3C home > Mailing lists > Public > public-html@w3.org > March 2012

Re: Encrypted Media proposal (was RE: ISSUE-179: av_param - Chairs Solicit Alternate Proposals or Counter-Proposals)

From: Henri Sivonen <hsivonen@iki.fi>
Date: Fri, 2 Mar 2012 14:23:27 +0200
Message-ID: <CAJQvAudAEutBFJdR7yQZNkLcpN=CcdJAVL1C9+Cru_=hEmxZ4g@mail.gmail.com>
To: Silvia Pfeiffer <silviapfeiffer1@gmail.com>
Cc: Mark Watson <watsonm@netflix.com>, "<public-html@w3.org>" <public-html@w3.org>
On Fri, Mar 2, 2012 at 1:07 PM, Silvia Pfeiffer
<silviapfeiffer1@gmail.com> wrote:
> On Fri, Mar 2, 2012 at 8:41 PM, Henri Sivonen <hsivonen@iki.fi> wrote:
>> On Thu, Mar 1, 2012 at 11:57 PM, Mark Watson <watsonm@netflix.com> wrote:
>>> The underlying content protection systems are things like PlayReady (from
>>> Microsoft), Widevine (from Google) and Marlin. Adobe have something, but I
>>> don't know what they call it.
>> As a co-proposer, does Microsoft plan to integrate PlayReady into IE?
>> As a co-proposer, does Google plan to integrate Widevine into Chrome?
>> Do the co-proposers plan to make their CDMs available to other
>> browsers? Do the co-proposers plan to provide APIs that'd allow adding
>> other CDMs to their browsers?
> I'm confused. I thought the whole idea of the proposal was to just
> provide an API for adding CDMs into browsers such that when you have
> the library installed on your computer, any browser is able to make
> use of it, no matter if it's Google's Widevine library or Microsoft's
> PlayReady - e.g. Firefox would be able to make use of these and any
> other CDM library. There would be no need to implement something
> additional into browsers.

So far, what's been proposed is a JS API for initializing the use of a
CDM from a Web page. As far as I can tell, so far no proprietor of
technology that could power a CDM has said anything about if and how
they plan to make their potentially CDM-powering technology pluggable
into browsers. That's why I'm asking the above questions.

As far as I can tell from Microsoft's PlayReady site, right now if you
want to write a Windows apps that uses the PlayReady subsystem, you
need execute a special (and virtually certainly open
source-incompatible) agreement with Microsoft (and pay Microsoft
recurring fees). If I've misunderstood, please correct me.


PlayReady, Marlin and Widevine (and, from making inferences from the
UI, Adobe's Flash DRM, too) support use cases that aren't essential
for Web video. Web video could go a long way with streaming-only DRM.
For streaming, it's enough for the DRM to work during streaming. That
is, secrets in the CDM can be ephemeral. PlayReady, Marlin and
Widevine are designed to support use cases where the end user holds
onto encrypted media files for extended periods of time. This means
that secrets in the CDM need to stay secret for extended periods of
time and there's a lot of red tape about protecting those secrets for
extended periods of time, since it's a big deal if the secrets leak.
For the streaming use case, if the CDM secrets are compromised, the
CDM could be updated soon with new and differently obfuscated secrets,
since it's OK to invalidate keys related to past streams. Thus, the
red tape around protecting CDM secrets doesn't need to be as severe as
with PlayReady, Marlin or Widevine.

Even if we accepted the idea of CDMs that contain secrets, it seems
like a bad idea to tie browsers to CDMs whose secret management
regimes' level of red tape is geared towards use cases that aren't
essential for streaming video on the Web.

Henri Sivonen
Received on Friday, 2 March 2012 12:23:55 UTC

This archive was generated by hypermail 2.4.0 : Saturday, 9 October 2021 18:45:49 UTC