- From: cobaco <cobaco@freemen.be>
- Date: Thu, 17 Oct 2013 22:44:07 +0200
- To: "public-restrictedmedia@w3.org" <public-restrictedmedia@w3.org>
On 2013-10-16 12:08 you wrote:
> On Sun, Oct 13, 2013 at 7:05 AM, cobaco <cobaco@freemen.be> wrote:
> > On 2013-10-12 09:27 Mark Watson wrote:
>
> We're considering a user of a proprietary operating system who today is
> watching content using Microsoft Silverlight.

Starting with the precondition of a proprietary system is just not acceptable.

Users of the web very much include those on systems like CyanogenMod, Debian (and its many offshoots), and other Free OSes. Those users *need* to be part of the considerations; simply dismissing them out of hand is just not on.

The web is an amazingly diverse place, device- and operating-system-wise, and we want to keep it that way. W3C in fact explicitly states 'web on everything' as a design principle [1]; 'on everything' includes on free software OSes.

Implementability and interoperability without permission is *the* key property of the web that makes that diversity possible. EME+CDM violates that property and thus is in conflict with W3C design principles.

As you've pointed out repeatedly, the traditional movie industry demands walled gardens, and is consequently going to go the DRM route even without W3C. However, a walled garden -by definition- is something that's not for everyone, which means any walled garden conflicts with the stated design principles of the W3C [1].

W3C should not be helping the creation of walled gardens (or the tool to build those gardens), as that is in factual opposition to the 'web on everything' design principle. EME is a tool to create walled gardens; as such, W3C cannot pass EME without being seen to violate its principles. Massive loss of trust in W3C and W3C standards will be the result of going that route.
> We have three models that have been mooted for the CDM:
> (a) a purely software CDM running in user space

If the object is to stop copying (as is the claim of DRM proponents), then this approach is something that simply cannot possibly work: in order to have any hope at all of being 'robust', DRM *needs* to be able to check what the OS does on a low level, and it *needs* to be able to override the OS. That simply cannot be done completely in user space (at least not without becoming outright malware).

> For (a) the footprint / attack surface of the CDM is clearly much smaller
> than that of Silverlight.
> We do not yet know what additional controls the UA may be able to place on
> the functions of such a CDM, but certainly they will be no worse than the
> situation with Silverlight today and could be better

No it isn't: in both cases you're pulling in a userspace black box, in both cases that black box is written in a Turing-complete language, so... in both cases the potential for abuse is equally big.

> (b) a CDM built into the operating system (which may or may not be running
> in user space)
> For (b) remember that the whole operating system is an opaque component. I
> don't see any reason to consider the CDM drop as any different from the OS
> ocean.

Your OS may be an opaque component... mine isn't, and that's true for an increasing number of users.

Now, if the industry was willing to document and make transparent those CDMs, then (and only then) it can be implemented everywhere, thus meeting the W3C design principles.

> (c) a CDM running in a Trusted Execution Environment somewhere in the system
> In the case that the OS is not from Microsoft, the user has moved
> from having opaque software provided by a vendor of the content provider's
> choice (Silverlight provided by Microsoft) to only having opaque components
> provided by a vendor of their own choice - which is surely an improvement.
The security maxim goes 'trust but verify'. Opaque blobs make that impossible; that's a fundamental problem of any black box approach. An opaque block of code, especially at the OS level, could be doing literally anything, with you none the wiser. In a post-Snowden and increasingly authoritarian world there is not a single company I trust with that kind of power on my machines.

> For (c) the whole point of a TEE is to be secure. The API surface of a TEE
> is highly constrained to this end. IIUC, the TEE is a totally separate
> environment from the main OS with its own kernel and limited communication
> between the TEE and the rest of the system. I'm not really an expert in
> this option, but it seems to me there is plenty of scope for constraining a
> TEE-bound CDM to doing only and exactly what it is supposed to do.

I take it that by TEE you're talking about hardware-enforced cryptographic code signing, à la UEFI? In which case the question is: who controls the keys for a given machine?

That *should* be the user (as it's his machine)... in which case TEE adds absolutely nothing from an anti-copying perspective.

If it's not the user controlling the keys, then in a very real sense it's not actually the user's machine... in which case whoever controls the keys had better be paying for the machine and its upkeep, 'cause I (for one) sure won't.

> > > For the second group, since they cannot access any protected content
> > > today,
> > cannot *legally* access protected content (and even that much is untrue in
> > parts of the world like the Netherlands where downloading itself is
> > perfectly legal)
> >
> > a fact that makes for a different picture altogether
> I wonder if we should just take it as a baseline that what we're
> discussing here is ways to access content that do not involve piracy.
Piracy is a part of the internet landscape. Piracy is here to stay. The industry can't just say "let's pretend it doesn't exist and start from there" (well, not and be taken seriously in any case). So no, we can't take that as a baseline.

> Our objective should be to provide users with such options. Arguing that we
> don't need to solve this problem because users can always resort to
> supporting piracy doesn't help those users who would prefer not to do that.

If the industry wants piracy to go away then they'll need to provide options that are better than piracy.

Non-breakable DRM is incompatible with general purpose computers; that to me makes DRM a worse option by far than piracy (that DRM is also incredibly annoying doesn't help that one bit).

Happily there's plenty of other stuff out there. Production of content has literally grown exponentially over the last decade, and that growth shows no signs of stopping (the cause being that the general purpose computer combined with the internet has drastically lowered barriers to entry).

If there wasn't enough non-DRM quality entertainment out there (there is), and my choice actually was piracy or DRM (it isn't)... then I'd choose piracy each and every time, and so would an awful lot of people. Something being illegal has never stopped people from getting any particular good and never will. That's especially true for digital piracy, where the entrance to the black market is so very, very easy (certainly compared to any other black market).

[1] http://www.w3.org/Consortium/mission#principles

--
Cheers
Received on Thursday, 17 October 2013 20:44:36 UTC