> So vague paranoia about the web "evolving" into something bad is why this shouldn't be allowed?
We should be paranoid. Media companies do not have our interests or the interests of an open web at heart. Give an inch and they'll take a mile. Why shouldn't they? The fact is that DRM benefits media companies almost exclusively while seriously harming user freedom. That's not vague paranoia, and imagining it evolving into something worse isn't an unfounded fear either.
> I can open an HTTPS connection to gmail.com, I still need to provide some credentials for anything to happen.
Do you mean logging in to Gmail? That has nothing to do with HTTPS. HTTPS ensures that two parties can communicate in any way they wish without being eavesdropped on. (And it also suggests trust, but that's a different issue and the spec allows the same eavesdropping protection using self-signed certificates.)
>We should be paranoid. Media companies do not have our interests or the interests of an open web at heart. Give an inch and they'll take a mile. Why shouldn't they? The fact is that DRM benefits media companies almost exclusively while seriously harming user freedom. That's not vague paranoia, and imagining it evolving into something worse isn't an unfounded fear either.
It is vague paranoia. You're still just throwing out rhetoric without any concrete reasons. It doesn't harm user freedom, I don't know how to express this any clearer: "THEY'RE ALREADY DISTRIBUTING THROUGH DRM-ENABLED PLUGINS". All this would do is standardize it and allow users to access DRM content from website like hulu/netflix without needing two different private closed-source plugins.
>Do you mean logging in to Gmail? That has nothing to do with HTTPS. HTTPS ensures that two parties can communicate in any way they wish without being eavesdropped on. (And it also suggests trust, but that's a different issue and the spec allows the same eavesdropping protection using self-signed certificates.)
>In fact in most any client/server HTTPS connection one party is going to have what amounts to "total control". I don't understand how DRM within HTML is fundamentally changing that situation. It's just giving the server copy protection over the media it allows the client to access. It eliminates the need for plugins such as silverlight/flash/etc. that are already being used. It's not like these content companies hand out their media unprotected as it stands.
You're still ignoring the meat of my argument. Lets just drop the whole HTTPS analogy/credentials analogy. The rest of what I said is still valid.
> It is vague paranoia. You're still just throwing out rhetoric without any concrete reasons. It doesn't harm user freedom, I don't know how to express this any clearer: "THEY'RE ALREADY DISTRIBUTING THROUGH DRM-ENABLED PLUGINS". All this would do is standardize it and allow users to access DRM content from website like hulu/netflix without needing two different private closed-source plugins.
The only way to get DRM to work is to require a closed-source browser. If you implement your DRM in open-source browser code, that code will almost certainly end up patched to produce decrypted/unprotected output and the patch would then be redistributed.
Ultimately, you cannot combine technology that prevents the end user from doing what they want with open-source software that attempts to guarantee such rights.
I agree that would be a problem, but I understand there would be a way to implement the current proposal without requiring a browser to be closed source.
It's not a perfect method, it would require some additional potentially closed-source OS-level software to be installed for the browser to interact with. But people who don't want it don't have to get it, and the browser can implement the standard without becoming closed-source.
That's also true, but as you point out, still requires a closed-source or a hardware DRM decoder to avoid kernel-level attacks. That would seem to rule out Linux support even if Windows or OS X Firefox/Chrome can safely use it.
We should be paranoid. Media companies do not have our interests or the interests of an open web at heart. Give an inch and they'll take a mile. Why shouldn't they? The fact is that DRM benefits media companies almost exclusively while seriously harming user freedom. That's not vague paranoia, and imagining it evolving into something worse isn't an unfounded fear either.
> I can open an HTTPS connection to gmail.com, I still need to provide some credentials for anything to happen.
Do you mean logging in to Gmail? That has nothing to do with HTTPS. HTTPS ensures that two parties can communicate in any way they wish without being eavesdropped on. (And it also suggests trust, but that's a different issue and the spec allows the same eavesdropping protection using self-signed certificates.)