Re: Encrypted Media proposal: Summary of the discussion so far from Mark Watson on 2012-03-09 (public-html@w3.org from March 2012)

From: Mark Watson <watsonm@netflix.com>
Date: Fri, 9 Mar 2012 17:44:46 +0000
To: Charles Pritchard <chuck@jumis.com>
CC: "<robert@ocallahan.org>" <robert@ocallahan.org>, Tab Atkins Jr. <jackalmage@gmail.com>, Glenn Adams <glenn@skynav.com>, Philip Jägenstedt <philipj@opera.com>, "<public-html@w3.org>" <public-html@w3.org>
Message-ID: <D4263E03-56D9-4F7A-848A-F92B7253ACC3@netflix.com>

On Mar 8, 2012, at 4:15 PM, Charles Pritchard wrote:

In my imaginary life, I would write a CDMs baseline using websockets masking key, and add it to that specification as the default keysystem.
<http://tools.ietf.org/html/rfc6455>
Vendors and authors have mature websockets masking code.
http://tools.ietf.org/html/rfc6455#section-5.3
http://dev.w3.org/html5/websockets/

Content would be masked on the network (CDN?) all the way through to the media element (CDMs) stream processing.
So the network sends the whole file websockets masked, it gets unmasked by the browser as the file is read.
This would typically look like a blob:*: uri to debugging tools when running a url inspector.

Charles - I'm not sure I understand the point of using WebSockets masking.

I just read that part of the spec, and masking appears intended to avoid data being inadvertently interpreted by intermediaries, since it was discovered that some intermediaries would interpret HTTP requests embedded in websockets frames and this could open the possibility of a cache poisoning attack.

In this case we do not have any such problem of accidental interpretation of media data. Masking doesn't hide the data from anyone deliberately trying to read it.

What am I missing ?

...Mark

Received on Friday, 9 March 2012 17:45:21 UTC