How security and privacy pros can help save the web from legal threats over vulnerability disclosure


#1

[Read the post]


#2

The proposal was updated in May.

W3C: This specification does not define a content protection or Digital Rights Management system. Rather, it defines a common API that may be used to discover, select and interact with such systems as well as with simpler content encryption systems.


#3

There is no use for EME except as part of a DRM system. The fact that the key proponents of EME have rejected a covenant not to use the DMCA (something they could only do if EME was a DRM in any event) tells you that they, too, view it as a DRM, even if they don’t like to talk about it that way.


#4

no one is denying that it will be used to access and discover DRM implementations, but the DRM isn’t baked into the spec right?

It is just providing standardized API for access points and discovery, which means that security researchers aren’t at risk with working with things like browsers that implement the API access and discovery points, only if they dig into the DRM itself which is appropriately separated. Same as it is today. Is that incorrect? Am I missing something?

I’m not a fan of DRM, but I also don’t see how this spec is adding any risk to any group, if anything it seems to be improving the situation from what we currently have.


#5

This topic was automatically closed after 5 days. New replies are no longer allowed.