How is a third-party black-box module decoding it to a specific point on the viewport a "world better" than Flash, a third-party black-box module, decoding it to a specific point on the viewpoint?
The former doesn't include redundant duplication of functionality and other bells and whistles. Since the only objective is decrypting content it'll presumably be more practical to port (and reverse engineer) and ship with fewer security vulnerabilities.
It's by no means perfect, but the less that can be delegated to a plugin the better in my view. I don't see this as an ideal choice, just a pragmatic choice for a better option given the circumstances.
My quantification for "a world better" relies on the subjective judgement that Flash is worlds worse than some mystery crypto blob. I believe that to be the case.
Since the topic is DRM, and DRM only works if you don't know how it works...
> Since the only objective is decrypting content it'll presumably be more practical to port (and reverse engineer)
I cannot comprehend the confusion of ideas that could provoke such a suggestion. Do you really believe open source platforms will get an open source module? Do you think it'll be anything but a black box whose nature, by definition, precludes anyone knowing what it does? Where will you get your guarantees about security vulnerabilities, when the very nature of the code will be, must be such that it is as difficult to discern its purpose and mechanism of operation as possible.
Perhaps I could have been more clear; when I say "porting" I mean from the perspective of a vendor. The current status quo is that content is available only where Adobe can be bothered to provide Flash. Given that constructing a "secure" black is a smaller task than providing a standardised runtime environment, it's feasible that vendors might target more than just Windows and OSX. This has nothing to do with source availability.
w.r.t easier reverse engineering, given the behaviour is constrained to the target blob and the interface is standardised, liberating content should be simplified. As far as security vulnerabilities go the choice still remains, run the blob or don't view the content.
The same can be said of Flash, however. The other side of that coin is that content will never be available DRM free, so I'm not sure if it's an important point; mobile content delivery is normally achieved via apps, or in the BBC iPlayer's case, in the browser, "protected" by a client certificate.
Practicality of porting was never a driving concern for Flash: it was business viability. I don't expect any more platforms to be supported than are today.
Flash is a considerably larger undertaking than a plugin though; if the interface is standard shipping on different platforms should just involve setting up appropriate QA and another make target.
At the very least, the decision of what platforms lies with the provider trying to extract money from the market, rather than one of its suppliers - that's surely an improvement?
In theory it could be more portable. In practice, though, it's looking like the actual CDMs released will all tie into platform-specific DRM at a much deeper level than Flash ever did, and content providers are insisting CDMs do this just because they can.
