This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.
On the "Goals" section. Third line reads like this: "Support a range of content security models, including software and hardware-based models" If I understand it well, it says some CDM may require specific hardware (i.e. a crippled graphics card). I find this to be unbearable. Seriously do you pretend to approve a standard which would lead to remove users freedom to general purpose computing?
Nothing in the specification requires special hardware. Nothing in the specification restricts access to a device's computing capabilities, general-purpose or otherwise. Some devices may have hardware content protection capabilities(*). The sentence quoted is intended to require that EME enable applications to make use of such capabilities, when they are available. It is clear that such capabilities will not always be available, hence software solutions are required as well. Since the concerns are unfounded, I suggest this bug be closed as a non-issue. (*) by 'hardware content protection capabilities' I also include software running in a Trusted Execution Environment where the security of the TEE is hardware-backed in some way.
I suggest to introduce this addition: "The use of hardware protection schemes won't be mandatory in any case".
(In reply to Julio Cesar Serrano from comment #2) > I suggest to introduce this addition: "The use of hardware protection > schemes won't be mandatory in any case". Do you mean "This specification does not mandate the use of hardware content protection schemes" ?
Yes, I think that could work. I'm sorry. English isn't my mother tongue.
Ok, I have no problem with that statement. However the specification doesn't mandate the use of software content protection schemes either. And I think, rather than use the words 'mandate the use of' - because the specification doesn't 'mandate' anyone to 'use' anything - we should say whether compliance to the specification requires X, Y, Z. With this wording we could say 'This specification supports both software and hardware content protection schemes but does not require either for compliance.'
(In reply to Mark Watson from comment #5) > Ok, I have no problem with that statement. However the specification doesn't > mandate the use of software content protection schemes either. > > And I think, rather than use the words 'mandate the use of' - because the > specification doesn't 'mandate' anyone to 'use' anything - we should say > whether compliance to the specification requires X, Y, Z. With this wording > we could say > > 'This specification supports both software and hardware content protection > schemes but does not require either for compliance.' Sorry, but I think that sentence is too open. What I want to express is... that no application should force or encourage people to install new hardware for improved protection in order to access the content. But if such hardware is already present in the user computer, then and only then it is Ok to use it. Please, may you word the appropriate sentence?
(In reply to Julio Cesar Serrano from comment #6) > (In reply to Mark Watson from comment #5) > > Ok, I have no problem with that statement. However the specification doesn't > > mandate the use of software content protection schemes either. > > > > And I think, rather than use the words 'mandate the use of' - because the > > specification doesn't 'mandate' anyone to 'use' anything - we should say > > whether compliance to the specification requires X, Y, Z. With this wording > > we could say > > > > 'This specification supports both software and hardware content protection > > schemes but does not require either for compliance.' > > Sorry, but I think that sentence is too open. What I want to express is... > that no application should force or encourage people to install new hardware > for improved protection in order to access the content. But if such hardware > is already present in the user computer, then and only then it is Ok to use > it. > > Please, may you word the appropriate sentence? That's difficult, because you are asking for a requirement on applications and it is not applications that implement the EME specification it's browsers. It's hard for W3C specifications to place requirements on applications that use the web platform except by requiring browsers to police application behavior. We could say that UAs should not rely exclusively on optional hardware components for their implementation of EME CDMs. This is a recommendation to UA implementors, but it does not constrain applications. We could even say (though I doubt the UA implementors would agree) that UAs must do some policing to ensure that a version of any given content item is available in a form suitable for playback entirely in software before that UA would allow the same content item to be played back (possibly at higher quality) through a hardware solution. I hope you'll agree that it's difficult to imagine what that policing could be in practice.
It is late. My mind can be of no use now. I am now convinced that CDM design should be also under the scope of EME Draft. On the contrary, we are giving a white card to companies with the excuse of trying to protect content. Content protection is not equal to a white card. I might agree to allow some secrets to exists, but we should be able to define CDM structure and restrictions as well.
I propose removing the Goals section. It has repeatedly led to confusion and does not belong in a spec (it is left over from the initial proposal).
This was discussed on the telcon 10/15: http://www.w3.org/2013/10/15-html-media-minutes.html The group agreed to remove the goals section.
Removed the goals section: https://dvcs.w3.org/hg/html-media/rev/a5acef5bbe69