[Novalug] EFF to Security Researchers: Tell the W3C To Protect Researchers Who Investigate Browsers

John Holland jholland@vin-dit.org
Wed Mar 30 18:51:21 EDT 2016


> On Mar 30, 2016, at 6:43 PM, Bryan Smith <b.j.smith@ieee.org> wrote:
> 
> John Holland wrote:
>> In a way I like the idea of a standard for DRM, but there are some problems-
>> 1. tech is changing so fast, de facto standard(s) like iTunes may supplant official ones
> 
> iTunes is the de facto standard?
> I guess I missed out on that one, with all my Amazon purchases.

I meant that historically - showing my age �� 
> 
>> 2. whoever (w3c? DARPA? RIAA?) controls the standard may exercise control (censorship) over content
> 
> They control HTML5 DRM?
> Are people missing the standard here?

just hypothetically  -  for instance SSL certs that go back to mainstream vendors cost money, etc
> 
>> 3. can it be done in a pretty open way? I think PGP and HTTPS work pretty well, but they don’t handle money.
> 
> Ummm ... isn't that what the DRM interface in HTML5 is trying to do
> ... for HTTP (including HTTP-SSL for transfer of private keys)?  ;)
> 

I don’t actually know anything about the DRM in HTML5, was just speaking hypothetically.
> Provide a PKI and related tracking facility, a standard set of
> interfaces, routines and OS-agnostic facilities, which establishes the
> content-consumer relationship.  The former provides the keying, the
> latter gets keys.
> 
>> 4. Will it be tied to proprietary OSs or applications?
> 
> Isn't the purpose of HTML5 to get away from that, in all interfaces?
> 
>> 5. will it interfere with people developing applications that work with it?
> 
> Ummm, again, isn't that the purpose of HTML5?
> 
>> I have at times been an advocate for everything being wide open
>> but I don’t feel that way these days.
> 
> It's an interface with requirements people.
> 
> That means it's documented, it is platform-agnostic, and gets away
> from things having any non-HTML5, non-HTTP protocol based
> dependencies.
> 
> If it's not in HTML5, it definite _will_ be 1-2 vendors (or their
> self-interested "consortiums") taking proprietary control.  That I can
> almost guarantee!
> 
> 


I think we’re kind of in agreement about this stuff actually……..





> 
> --
> Bryan J Smith  -  http://www.linkedin.com/in/bjsmith
> E-mail:  b.j.smith at ieee.org  or  me at bjsmith.me





More information about the Novalug mailing list