- From: Henri Sivonen <hsivonen@iki.fi>
- Date: Fri, 2 Mar 2012 14:23:27 +0200
- To: Silvia Pfeiffer <silviapfeiffer1@gmail.com>
- Cc: Mark Watson <watsonm@netflix.com>, "<public-html@w3.org>" <public-html@w3.org>
On Fri, Mar 2, 2012 at 1:07 PM, Silvia Pfeiffer <silviapfeiffer1@gmail.com> wrote: > On Fri, Mar 2, 2012 at 8:41 PM, Henri Sivonen <hsivonen@iki.fi> wrote: >> On Thu, Mar 1, 2012 at 11:57 PM, Mark Watson <watsonm@netflix.com> wrote: >>> The underlying content protection systems are things like PlayReady (from >>> Microsoft), Widevine (from Google) and Marlin. Adobe have something, but I >>> don't know what they call it. >> >> As a co-proposer, does Microsoft plan to integrate PlayReady into IE? >> As a co-proposer, does Google plan to integrate Widevine into Chrome? >> Do the co-proposers plan to make their CDMs available to other >> browsers? Do the co-proposers plan to provide APIs that'd allow adding >> other CDMs to their browsers? > > I'm confused. I thought the whole idea of the proposal was to just > provide an API for adding CDMs into browsers such that when you have > the library installed on your computer, any browser is able to make > use of it, no matter if it's Google's Widevine library or Microsoft's > PlayReady - e.g. Firefox would be able to make use of these and any > other CDM library. There would be no need to implement something > additional into browsers. So far, what's been proposed is a JS API for initializing the use of a CDM from a Web page. As far as I can tell, so far no proprietor of technology that could power a CDM has said anything about if and how they plan to make their potentially CDM-powering technology pluggable into browsers. That's why I'm asking the above questions. As far as I can tell from Microsoft's PlayReady site, right now if you want to write a Windows apps that uses the PlayReady subsystem, you need execute a special (and virtually certainly open source-incompatible) agreement with Microsoft (and pay Microsoft recurring fees). If I've misunderstood, please correct me. Aside: PlayReady, Marlin and Widevine (and, from making inferences from the UI, Adobe's Flash DRM, too) support use cases that aren't essential for Web video. Web video could go a long way with streaming-only DRM. For streaming, it's enough for the DRM to work during streaming. That is, secrets in the CDM can be ephemeral. PlayReady, Marlin and Widevine are designed to support use cases where the end user holds onto encrypted media files for extended periods of time. This means that secrets in the CDM need to stay secret for extended periods of time and there's a lot of red tape about protecting those secrets for extended periods of time, since it's a big deal if the secrets leak. For the streaming use case, if the CDM secrets are compromised, the CDM could be updated soon with new and differently obfuscated secrets, since it's OK to invalidate keys related to past streams. Thus, the red tape around protecting CDM secrets doesn't need to be as severe as with PlayReady, Marlin or Widevine. Even if we accepted the idea of CDMs that contain secrets, it seems like a bad idea to tie browsers to CDMs whose secret management regimes' level of red tape is geared towards use cases that aren't essential for streaming video on the Web. -- Henri Sivonen hsivonen@iki.fi http://hsivonen.iki.fi/
Received on Friday, 2 March 2012 12:23:55 UTC