Hacker News new | past | comments | ask | show | jobs | submit login

Right, and it's also worth highlighting here the meaning of these "protection" levels:

L1 - all content processing and cryptography operations are handled inside a CPU that supports a Trusted Execution Environment (TEE).

L2 - only cryptography operations are handled inside a TEE.

L3 - content processing and cryptography operations are (intentionally) handled outside of a TEE, or the device doesn't support a TEE.

This suggests that the media industry only trust you to receive their content if they have some degree of control over what your device is doing. There's an obvious logic to them setting such a requirement, but it does mean rolling out a world wide system where critical security components underpinning our digital societies are resistant to inspection and transparency, by design (and, in many cases, with the full force of the law).

I feel that ultimately this will create a precarious situation and introduce risks that are not justified.




> a world wide system where critical security components [...] are resistant to inspection and transparency, by design (and, in many cases, with the full force of the law).

Fun sci-fi exercise: what happens when you mandate legal backdoors for general-purpose crypto, but lock down content so tight that it's NSA-resistant?


I can imagine some cypherpunks in this sci-fi world creating a crypto-system where the keying data is sent as media files (possibly requiring a new movie studio to be created as a cover story).

Unfortunately I can also imagine that the NSA give themselves backdoors that can even get past the legally-mandated DRM, and the media industries would accept this.


But backdoors will always, always leak in the end. That might well be where the story begins.


What do these levels mean on, say, Windows? What would the TEE be?


On Intel machines and windows, the TEE is Intel SGX for some DRM implementations (not necessarily widevine's).


(IIRC, unsubstantiated) Windows clients use Windows’ DRM implementation, not WideVine.


Chrome and Firefox use Widevine DRM at L3 (software implementation). Edge and IE use PlayReady (which has support for hardware DRM, optinally selectable by the app/website).


There isn't any, so it looks like it would be L3: https://storage.googleapis.com/wvdocs/Widevine_DRM_Architect...




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: