[mcot2]

I don't care how it gets done, but if we need this to finally kill off flash than I am for it. This problem is solved technically so let's just get it done. Yes, every DRM will eventually be broken, but at least it satisfies the executives enough, so what's the problem?

I don't understand why purists on the email list end up holding up something that will ultimately be a positive thing from a number of perspectives. Security, battery life, and script-able/touch friendly controls.

[nitrogen]

We want to kill Flash because it's proprietary and closed source (just like HTML DRM). Replacing Flash, which at least works on Linux, Windows, and Mac, with platform-specific DRM, is a huge step backward for the web.

[mcot2]

Not really. I want to get rid of Flash because of security, battery life/performance and because it is not touch friendly.

[espadrine]

Security, battery life and touch-friendliness aren't necessarily the most renown features of a DRM binary blob.

Communicating with the blob in an open-source project will be particularly fun.

[duncan_bayne]

Because those purists - and I'm one - care very deeply about the principles of the Open Web, the very principles that are touted on the W3C website itself.

The fundamental issue is this: up until now, anyone with the will to do so and a general purpose computer could build a browser that could display all the content on a W3C-standards-compliant website.

If EME + CDM are endorsed, then that will no longer be true. The Open Web will be a thing of the past.

That is why we're trying to prevent this from going forward in its current form.

[mcot2]

I don't even understand what the term "Open Web" even means. I don't see how driving video on the web away from flash and onto a standardized system is against the principals of openness, even if DRM is a requirement for content creators.

[duncan_bayne]

Because it's not standardised! Only the interop between the browser and CDM is standardised - the CDM itself is a closed-source, proprietary blob like Flash or Silverlight.

[makomk]

Actually, it's worse than that. The interop between the browser and CDM isn't standardised at all. The only thing this standardises is the browser API that websites should use to request that the browser communicate with the CDM on their behalf.

The interface between the browser and the CDM is proprietary and unspecified, so browser vendors and CDM providers have to negotiate that themselves. The format of the encrypted binary messages passed to the Javascript API is proprietary and unspecified. The API used to communicate with the license server is also proprietary and unspecified, so it doesn't even provide much interop from the media provider perspective - they still have to write a whole bunch of DRM-provider-specific code for every DRM scheme, and it looks like every browser vendor will have their own one.

Basically, it standardises just enough to give media providers the ability to claim they're using pure HTML5, without offering any more interoperability than if every browser vendor just had their own proprietary HTML5 extension for DRM. It's a PR stunt rather than a meaningful attempt at interoperability.

[watwut]

What is exact benefit of driving web away flash? It would make sense if the alternative would be open, but it is not.

[w-ll]

> Yes, every DRM will eventually be broken, but at least it satisfies the executives enough, so what's the problem?

Executives are never satisfied, and the world doesn't revolve around them. Should we allow tapping of our communications because it satisfies our leaders.

> Security, battery life, and script-able/touch friendly controls.

And what do any of these have to do with DRM? In fact, I can guarantee DRM will offer more vulnerable entry points, require more battery on mobile devices, and not be script/ux friendly.

[mcot2]

They will be satisfied enough to offer HTML5 video. The point is killing off Flash. It is a lot easier to secure a smallish DRM module in a browser than a gigantic environment like Flash.

[fpgeek]

Not really.

"Securing" a DRM plugin means "securing" the browser it runs in (otherwise it will be cracked by the browser lying to it about whether DRMed media is being played "securely"), which means "securing" the OS the browser runs on and so on...

[duncan_bayne]

Oh yeah, and in terms of being a purist - the company I co-founded produced a DRM system for Windows software. It's still in use, and I still make money from feature enhancements and bugfixes to it.

So please don't (like a few on the W3 list) paint me as some sort of anticapitalist hippie tinfoil-hat wearer.

I know a fair bit about DRM myself, which is why I say it has no place in the W3C or the Open Web.

[mcot2]

We have basically two options here. DRM for video and audio streams will be introduced by each browser vendor separately, or we have some kind of standard. I would rather see a standards based approach... This is reality. The merits of DRM really have nothing to do with this discussion.

[duncan_bayne]

What is the purpose of a standards based approach, if one cannot implement the standard? That is the reality that EME + CDM offers: 'standards' that can only be implemented by the company that owns the proprietary, closed-source CDM blob.

[mcv]

So the only solution is to make the propriety, closed-source CDM blob independent from the browser. Something that can be plugged into any browser. Like Flash or Silverlight. Or maybe something more specialized that just handles the DRM with as little overhead as possible, to make sure it doesn't eat up more CPU than it should.

If it cannot be open, it cannot be part of browsers that are open, which a lot of browsers are.

[zobzu]

note that, flash playback is still the default at most websites because HTML5 video playback generally sucks. its less efficient and provides a lesser experience in all major browsers.

Eventually this will change, but still.

That and of course, that NO single benefit is worth giving way to DRM. NONE. DRMs are a terrible invention from all points of view.

[mcot2]

You would only see big investment in HTML5 video if big content sites could use it. Currently most of them want DRM...