Mark Watson: > For the first group EME does not represent any change with respect to > this issue - except that the scope of the opaque component will be > dramatically reduced.
In practice Google has already demonstrated with Chromebook that the opaque component with EME has been extended to the whole operating system. > consider what such a solution would need to look like: we would need a > non-user-modifiable component that was completely user-verifiable. > That is, which a user could look into in such a way that they can > obtain complete confidence about what it does - at least functionally, > up to some numerical values that may not be easily observable. > > Creating such a thing is challenging, but I don't know anyone who > would not welcome it if such a thing was created. Perhaps you could > get part of the way with multiple trusted third parties who were > provided with the information needed to verify the opaque components > and who would then publish their findings with a hash of the opaque > blob ? But this would not be good enough for everyone. For those who are interested in debates within the open source communities: There are are discussions and activities regarding Reproducible (Deterministic) Builds. Their aim is to protect against similar attack models. See: https://wiki.debian.org/ReproducibleBuilds (especially the links in the References section) Cheers, Andreas
