Comment Re:So what is your suggestion then? (Score 1) 412
This is actually the best solution. The "browser pluggable module" makes this system not much better than Flash or Silverlight. It's not architecture independent, and not secure. If the plugin is automatically downloaded, than it'll have to be very heavily sandboxed to keep a malicious website from sending malware instead. If the plugin has to be installed manually, it's not any different from Flash except that you have to install multiple ones for different sites's DRM schemes.
Javascript is the best solution for making it work across multiple browsers. It's already standardized and implemented, and it's architecture and platform independent. Hulu and Netflix can't send it plain, since Hollywood would complain, but a JS solution would be secure enough. Java and
The main issues would be speed and API difficulties. To support this, it would be best for browsers to implement:
- A standardized Javascript crypto library implementing common, patent-free algorithms like AES, RSA, and DSA. This would make implementing the DRM scheme easier, keep the decryption fast, and could take advantage of hardware optimizations (AES-NI).
- Hooks for decrypting video content. Let the browser play the video, but have it invoke a JS event that could decrypt the content before it is played.
- Optional: A "secure memory" object for storing the keys. This might provide Hollywood with enough security that they'd let something like this fly.