Re: No policy? Re: Is EME usable regardless of the software/hardware I use ?

On Fri, Jun 7, 2013 at 2:01 AM, piranna@gmail.com <piranna@gmail.com> wrote:

> > I also find it strange that so many of the people arguing strongly for
> non-DRM solutions to this problem do not seem interested in developing or
> experimenting with them.
> >
> People is not interested because as I told you, they are not willingly to
> go against their own rights without at least a huge check in front of them.
> Anyway, since I couldn't get to sleep tonight, I have been thinking about
> my proposed AES mechanism studying the use case and the flaws and how to
> solve them, and the conclusion was that althought it's posible to develop
> it in a Open Source way using an architecture model similar to SSH and TLS
> and also allowing personal copies just storing the keys and the encrypted
> data or registering the computers somewhat similar to Steam platform, the
> fact is that the weakest slabon is just the computer and the media player,
> since you could compile your own patched version capable of rip and store
> the content once it's decoded, or patch it in binary form (this include the
> closed CDMs) just to allow this, in the same way someone could use a
> patched browser that removes the limitations on protected media that
> proposes ACTION 11 and the ones that by definition open browsers will don't
> want to implement, so with this "open source example implementation" using
> militar-grade encryption, it's get showed that EME, CDMs and DRM are broken
> by definition, since as I told you on other mails, the weakest slabon is
> the user and their own PC will broke always here.


I don't quite understand your 'proposed AES mechanism' based on the emails
you have sent, but you should remember that the important feature of any
content protection system is not whether it is breakable or not (nothing is
impossible, as you point out), but exactly how difficult it is to break and
in what form the break can be propagated.

Some examples: if someone with considerable expertise can obtain
unencrypted files and post these to a torrent site, that is one thing. If
they can do it at a rate of 100s of movies per hour that's different from
if they can only do it in real time. If it's possible to create and
distribute a custom build of a browser which enables saving of protected
content as an unencrypted file that is another thing and if someone could
create a website which anyone can visit with an off-the-shelf browser that
allows them to proxy to a legitimate site and then save protected content
as an unencrypted file that is again another thing.

The robustness of a content protection system is not a binary thing, so
there is a lot of space for solutions with different properties.

...Mark

Received on Friday, 7 June 2013 19:05:36 UTC