Stories
Slash Boxes
Comments

SoylentNews is people

posted by takyon on Tuesday September 19 2017, @12:37AM   Printer-friendly
from the community-consensus dept.

Submitted via IRC for boru

Dear Jeff, Tim, and colleagues, In 2013, EFF was disappointed to learn that the W3C had taken on the project of standardizing "Encrypted Media Extensions," an API whose sole function was to provide a first-class role for DRM within the Web browser ecosystem. By doing so, the organization offered the use of its patent pool, its staff support, and its moral authority to the idea that browsers can and should be designed to cede control over key aspects from users to remote parties.

[...] The W3C is a body that ostensibly operates on consensus. Nevertheless, as the coalition in support of a DRM compromise grew and grew — and the large corporate members continued to reject any meaningful compromise — the W3C leadership persisted in treating EME as topic that could be decided by one side of the debate. In essence, a core of EME proponents was able to impose its will on the Consortium, over the wishes of a sizeable group of objectors — and every person who uses the web. The Director decided to personally override every single objection raised by the members, articulating several benefits that EME offered over the DRM that HTML5 had made impossible.

[...] We believe they will regret that choice. Today, the W3C bequeaths an legally unauditable attack-surface to browsers used by billions of people. They give media companies the power to sue or intimidate away those who might re-purpose video for people with disabilities. They side against the archivists who are scrambling to preserve the public record of our era. The W3C process has been abused by companies that made their fortunes by upsetting the established order, and now, thanks to EME, they'll be able to ensure no one ever subjects them to the same innovative pressures.

[...] Effective today, EFF is resigning from the W3C.

Thank you,

Cory Doctorow
Advisory Committee Representative to the W3C for the Electronic Frontier Foundation

Source: https://www.eff.org/deeplinks/2017/09/open-letter-w3c-director-ceo-team-and-membership


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 5, Insightful) by Mykl on Tuesday September 19 2017, @01:43AM (30 children)

    by Mykl (1112) on Tuesday September 19 2017, @01:43AM (#570006)

    Let's assume that this EME API gets through, because it almost certainly will.

    It's success in the marketplace will depend on several factors:
    1 - Browsers actively supporting it
    2 - Content providers encoding their video using it
    3 - Customers agreeing to consume it

    1. I'm pretty sure that there will be a few browsers (particularly Linux-focused) that will decide to not support the API. At a minimum, I expect that using the API will remain a configurable option in the browser (well, perhaps not Safari if Apple is going to push their video offerings with this)

    2. I would imagine that the majority of content encoded with EME will be stuff that you already need to pay for today. Anything currently free (YouTube, PornHub, Twitch etc) will, I suspect, remain free of this. I fully expect all of the various streaming services (Netflix, Hulu, whatever crap Disney is putting out etc) to be all over this

    3. Vote with your wallet. If nobody ends up using content encoded with EME, then it won't be worth putting it up there.

    As a final point, it's worth remembering the fate of Flash. While it was very handy for a while, it eventually died from being full of exploits, and for consuming too many resources. The same could well be true of EME. Only time will tell.

    Starting Score:    1  point
    Moderation   +3  
       Insightful=3, Total=3
    Extra 'Insightful' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   5  
  • (Score: 3, Interesting) by jcross on Tuesday September 19 2017, @01:59AM (12 children)

    by jcross (4009) on Tuesday September 19 2017, @01:59AM (#570011)

    I think you're right. And to some extent the market has already decided, because Netflix et al aren't currently pushing out video in straight HTML5 formats; as I understand it they're using browser plugins to do their DRM, at least in Chrome. So this standard would in theory make it so they only have to target a single system rather than one per browser. You likely still won't be able to watch Netflix on Chromium, although there might be some fights about whether it should be added to make the browser fully standards-compliant. Maybe it becomes an optional plugin there. The W3C's stamp of approval is disappointing for sure, but I'm just not seeing how this changes the landscape much.

    • (Score: 4, Interesting) by Grishnakh on Tuesday September 19 2017, @02:55AM (11 children)

      by Grishnakh (2831) on Tuesday September 19 2017, @02:55AM (#570031)

      And to some extent the market has already decided, because Netflix et al aren't currently pushing out video in straight HTML5 formats; as I understand it they're using browser plugins to do their DRM, at least in Chrome.

      Maybe I'm mistaken, but I thought Netflix et al were already using this standard, it just hadn't yet been quite finalized. We can already watch Netflix on Linux using Chrome (not Chromium).

      The W3C's stamp of approval is disappointing for sure, but I'm just not seeing how this changes the landscape much.

      I agree; I think they're just rubberstamping what Google has already put into Chrome, and has probably already been built into Safari and Edge. Firefox and Chromium and the minor open-source browsers are the holdouts.

      Also, remember what things were like before this: to watch Netflix, you had to use Silverlight, which of course wasn't available on Linux (some people did come up with a workaround called "pipelight", but it was quickly rendered obsolete by the move to browser-based decryption), or you just had to go without. Companies that wanted to DRM their content were already doing it long before this standard was proposed, using proprietary plug-ins like Flash and Silverlight. So yeah, I don't see how this really changes anything. Perhaps the worry is that everyone and their brother will start using it, unlike now where it's only certain large players like Netflix. Imagine if Youtube's stuff was all DRMed; we wouldn't be able to download anything on there with youtube-dl.

      • (Score: 3, Insightful) by Anonymous Coward on Tuesday September 19 2017, @03:05AM (5 children)

        by Anonymous Coward on Tuesday September 19 2017, @03:05AM (#570037)

        People are also worrying because this makes digital restrictions management officially accepted as part of a major standard, which can give the appearance of it being ethical on some level. DRM should be condemned in the harshest terms for restricting users, and especially so by organizations like the W3C.

        • (Score: 4, Insightful) by melikamp on Tuesday September 19 2017, @08:09AM (4 children)

          by melikamp (1886) on Tuesday September 19 2017, @08:09AM (#570111) Journal

          Thanks, AC. More to the point, EFF is right to run like hell. An ethical equivalent of this fine deed would be a technical standard for torture: "make the ropes this tight, turn so many degrees...", or something like that. WTF is DRM, anyway? It's a pure con, no silver lining. There's no need for DRM on a kiosk-type thingy, as it just does with physical protection. There's no such thing as DRM on a personal computer, because that thing just does whatever I tell it to, thank you very much libreware. The only place DRM is even feasible is a sleazy rental that spies on you for no other reason than you are trapped by an oppressive government or an equally oppressive market force, or (sigh) you are channeling Homer Simpson and just buying the first thing you see advertised on a freeway. In that last case, we can't really help, just as we cannot help people who like being tortured, but I do believe most of us are in the much bigger trapped category. And we don't need this standard at all, in fact it's an amazingly brazen insult, rather than a technical standard. And we can do a standard, can't we? And make sure our libreware Web browsers support the real standard, which doesn't start by bending user over? I don't know, talking to some people, I feel a lot of doubt about this, which I find perplexing, as to me it just seems like another fork. adblock plus [wikipedia.org] all over.

          Anyways, here's my 2013 email to TBL, I think he might have printed it out and wiped with it, as is his right, but I hope you enjoy it :)

          Dear Mr. Berners-Lee,

          As a Web user, I believe W3C is making a grave mistake by accepting a notion of digital restriction management in a Web standard. The only conceivable goal of a Web standard such as HTML 5 is to make it possible for users (such as myself) to browse the Web and enjoy its full functionality simply by using a standard-compliant Web browser. No informed user considers DRM a "functionality": in fact, it is easy to argue that it's a bug from the point of view of every user, and a "feature" only in the eyes of a few intellectual monopolists, almost all of them giant multinational corporations. These players are neither the major users of the Web, nor its primary intended benefactors, an no standard should cater to their needs if it comes at a cost to the users.

          Having said that, I would like to appeal to you personally, since I understand that the argument above can be taken apart and countered. What I am going to say next, though, is not an argument but a prediction of an extremely likely outcome which will affect you personally. Unless W3C removes DRM from the standard and pledges not to put it back, both the standard and W3C (and everyone in W3C responsible for this decision) will quickly become irrelevant to the development of the Web. None of the free browsers will implement the standard; instead, a new standard will be rapidly forked or developed from scratch by a few volunteers, adapted by the free software community, and become the de facto replacement for HTML 4 and XTHML 1.

          My kindest regards, and many thanks for helping to create an open and user-friendly WWW we have today.

          • (Score: 2) by Wootery on Tuesday September 19 2017, @01:03PM (1 child)

            by Wootery (2341) on Tuesday September 19 2017, @01:03PM (#570168)

            Mr. Berners-Lee

            My my, the Interwebs tell me you're right. I'd always assumed he had a PhD.

            • (Score: 1, Funny) by Anonymous Coward on Tuesday September 19 2017, @03:57PM

              by Anonymous Coward on Tuesday September 19 2017, @03:57PM (#570228)

              Crazier yet, Cory Doctorow isn't a doctor either.

          • (Score: 4, Informative) by NotSanguine on Tuesday September 19 2017, @04:58PM (1 child)

            by NotSanguine (285) <NotSanguineNO@SPAMSoylentNews.Org> on Tuesday September 19 2017, @04:58PM (#570255) Homepage Journal

            As with most things, the Golden Rule [quoteinvestigator.com] applies.

            Who are the members [w3.org] of the W3C? How much do they pay [w3.org] for that privilege? Who else makes monetary contributions [w3.org] to the W3C?

            When you answer (you're welcome) those questions, the people upon whom pressure needs to be brought becomes clear.

            Tim Berners-Lee is a figurehead. Those that matter are the ones paying the bills.

            Many of the members might have an interest in opposing DRM and many members have a vested interest in supporting DRM.

            Individuals are not members of the W3C, it's corporations and other organizations who pay anywhere from US $2,250.00 to US $77,000.00 (depending on the size of the organization) in the US (I didn't investigate other countries, but you can at the W3C Membership costs link [w3.org] I posted above). These folks aren't just giving away their money because they want to make the world a better place, they're doing so to achieve specific goals which, for many of these companies, includes DRM.

            IMHO, letter writing campaigns and negative publicity are completely useless for an organization which survives on contributions from many who not only support DRM, but feel that their business models depend upon it.

            Perhaps I'm too cynical, but that's the way I see it.

            --
            No, no, you're not thinking; you're just being logical. --Niels Bohr
            • (Score: 2) by melikamp on Tuesday September 19 2017, @06:24PM

              by melikamp (1886) on Tuesday September 19 2017, @06:24PM (#570294) Journal
              Totally, and the only reason I took my time to write to TBL is that I have plenty of respect for the guy and his work, and didn't want to see a bucket of garbage water dumped on him as well, but hey, to each his own, right? Whatever floats his boat.
      • (Score: 0) by Anonymous Coward on Tuesday September 19 2017, @09:37AM (1 child)

        by Anonymous Coward on Tuesday September 19 2017, @09:37AM (#570128)

        Silvershite was such a piece of crap as well. On a slow connection it would only buffer a tiny amount however long you waited, making shows unwatchable. Maybe the publisher could reconfigure that but they didn't.

        • (Score: 1) by anubi on Wednesday September 20 2017, @05:34AM

          by anubi (2828) on Wednesday September 20 2017, @05:34AM (#570536) Journal

          Yeh, I installed it too, and had the same result. Unusable.

          Trashed it as unworkable with consumer-grade ISPs.

          --
          "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
      • (Score: 2) by Chromium_One on Tuesday September 19 2017, @04:21PM (1 child)

        by Chromium_One (4574) on Tuesday September 19 2017, @04:21PM (#570242)

        We can already watch Netflix on Linux using Chrome (not Chromium).

        No, the widevine plugin works under Chromium. Check if your distribution offers it repackaged or not. Mine does. Also Netflix works just fine on recent Firefox on Linux.

        --
        When you live in a sick society, everything you do is wrong.
        • (Score: 2) by jasassin on Wednesday September 20 2017, @11:20PM

          by jasassin (3566) <jasassin@gmail.com> on Wednesday September 20 2017, @11:20PM (#570896) Homepage Journal

          Also Netflix works just fine on recent Firefox on Linux.

          Firefox works great, but with NetFlix it only supports 720p. On my e2180 CPU Firefox works great. They recently (maybe six months to a year) fucked up Chrome on Linux so bad I can't even play standard definition video stuttering without stuttering! Chrome is shit for Netflix on any OS. Load a Netflix video and press cntrl-alt-shift-d and it toggles a diagnostic display of the current playback. Chrome drops frames like hot potatoes. Firefox doesn't drop a single frame on my system.

          --
          jasassin@gmail.com GPG Key ID: 0xE6462C68A9A3DB5A
      • (Score: 2) by jasassin on Wednesday September 20 2017, @10:02PM

        by jasassin (3566) <jasassin@gmail.com> on Wednesday September 20 2017, @10:02PM (#570869) Homepage Journal

        Imagine if Youtube's stuff was all DRMed; we wouldn't be able to download anything on there with youtube-dl.

        That would ruin YouTube for me! My computer, under Linux (no browser video hardware acceleration), cannot play 1080p video (MPV works great). I really hope they don't go this route.

        --
        jasassin@gmail.com GPG Key ID: 0xE6462C68A9A3DB5A
  • (Score: 4, Insightful) by Snotnose on Tuesday September 19 2017, @02:02AM (3 children)

    by Snotnose (1623) on Tuesday September 19 2017, @02:02AM (#570013)

    1. I'm pretty sure that there will be a few browsers (particularly Linux-focused) that will decide to not support the API. At a minimum, I expect that using the API will remain a configurable option in the browser (well, perhaps not Safari if Apple is going to push their video offerings with this)

    there goes 1% of your market

    2. I would imagine that the majority of content encoded with EME will be stuff that you already need to pay for today. Anything currently free (YouTube, PornHub, Twitch etc) will, I suspect, remain free of this. I fully expect all of the various streaming services (Netflix, Hulu, whatever crap Disney is putting out etc) to be all over this

    Yeah, this sucks

    3. Vote with your wallet. If nobody ends up using content encoded with EME, then it won't be worth putting it up there.
    As a final point, it's worth remembering the fate of Flash. While it was very handy for a while, it eventually died from being full of exploits, and for consuming too many resources. The same could well be true of EME. Only time will tell.

    99% of consumers have no clue. What's sad is this tech evidently gives a route to making services like Ad Block Plus and Ublock Origin ineffective, which IMHO is the worst possible outcome.

    A couple months ago I had to use my sister's laptop for something. Jeebus, what a fricken waste. Spent 10 minutes installing ublock origin and noscript, and she was all over me in how much better her web browisng experience was.

    --
    Why shouldn't we judge a book by it's cover? It's got the author, title, and a summary of what the book's about.
    • (Score: 3, Interesting) by TheGratefulNet on Tuesday September 19 2017, @04:49AM (1 child)

      by TheGratefulNet (659) on Tuesday September 19 2017, @04:49AM (#570070)

      if I can't root my phone, I can't install good blockers.

      the raw web is NASTY without blockers.

      when you live behind a blocked wall (lol), life is not too bad, online. then, you go to someone else's machine and see their unblocked web experience. as you noticed, its like a quiet room vs an airport runway.

      I don't know if there are good blockers for the iphone. apple locks lots of stuff down, so I'm not sure what they have, but its one reason why I never considered buying an iphone. all my android phones have been rooted and suitable blockers installed.

      could you imagine if they taught this in public schools? imagine if kids were really taught about life, instead of the synthetic things they often spend time 'learning' at school. if the teachers sat down with the kids and leveled with them; told them the purpose behind advertising and how invasive it now is, when you are online. what a raw vs blocked web looks like. how to install and maintain filters and such. just imagine how cool an INFORMED society would be!

      the main reason I'm using firefox is the value of the plugins and how much time I've spent refining the filters. every so often, FF breaks their plugins and that is inexcusable to me. I'm on a very old version of FF just because the value of the browser is its plugins, at this point.

      --
      "It is now safe to switch off your computer."
      • (Score: 3, Informative) by Sourcery42 on Tuesday September 19 2017, @04:32PM

        by Sourcery42 (6400) on Tuesday September 19 2017, @04:32PM (#570248)

        If you ever want to block ads system wide on an android look into DNS66. I didn't want to unlock the bootloader or root my kid's phone. This works great for sanitizing the web and apps without root, and it doesn't seem to hurt performance. https://f-droid.org/packages/org.jak_linux.dns66/ [f-droid.org]

    • (Score: 0) by Anonymous Coward on Tuesday September 19 2017, @06:19AM

      by Anonymous Coward on Tuesday September 19 2017, @06:19AM (#570087)

      Your sister was all over you? Eeew.

  • (Score: 2, Insightful) by Anonymous Coward on Tuesday September 19 2017, @02:02AM

    by Anonymous Coward on Tuesday September 19 2017, @02:02AM (#570014)

    >Anything currently free (YouTube, PornHub, Twitch etc) will, I suspect, remain free of this

    Are you kidding me? That's preposterous. This is the home movie industry, the people who with a straight face compare the invention of VCRs to the Boston Strangler.

    Any free video on the internet isn't free, it's being paid for with ads. The last thing Youtube wants is for you to rip their movie and reupload it somewhere else. They lose money and eyeballs. So of course they're going to encrypt every single second of video on their entire website. Giant corporations with buildings full of lawyers love nothing better than to massively inconvenience all their customers if it will save them a dollar.

  • (Score: 2) by stretch611 on Tuesday September 19 2017, @02:09AM (4 children)

    by stretch611 (6199) on Tuesday September 19 2017, @02:09AM (#570016)

    I'm not so sure...

    Definitely, most of the paid content will move to use EME... but I suspect some free content will move as well. The free content requires advertising in order to obtain revenue. Their problem is that they do not serve advertisements on content that is downloaded. EME will prevent easily downloading streamed content and will lock up the free content behind the advertising wall.

    For this reason, I'm sure Google will incorporate EME into chrome. While Apple did piss off the advertising people with the recent release of Safari, they still have to play nice with the content industry due to all the content distributed through itunes... so, Safari will probably get it as well. I would suspect that Firefox may hold off initially, especially if there is any mass complaining about EME; after all, it costs more developer resources to implement EME, than it does to ignore it.

    No real wallet when choosing browsers, but I agree if people avoid the browsers with EME, it will eventually be dropped. However, I don't believe the non-geeks are going to care or notice a difference. So unfortunately, it appears that EME is coming and its time for smart people to swap to non-mainstream browsers.

    I also agree that your comparison to flash is accurate, and will eventually happen. Unfortunately, it will not happen until after EME takes over the masses.

    --
    Now with 5 covid vaccine shots/boosters altering my DNA :P
    • (Score: 5, Informative) by urza9814 on Tuesday September 19 2017, @02:44AM (3 children)

      by urza9814 (3954) on Tuesday September 19 2017, @02:44AM (#570026) Journal

      I would suspect that Firefox may hold off initially, especially if there is any mass complaining about EME; after all, it costs more developer resources to implement EME, than it does to ignore it.

      Well, they *did*...back around 2014. But by now Firefox *already* supports EME (on Windows...). You can disable it, but it's on by default. Chrome/Safari/IE/Edge also support it; not sure if it can be disabled on those.
      https://en.wikipedia.org/wiki/Encrypted_Media_Extensions#Support [wikipedia.org]

      If you want to disable it on Firefox, head to about:preferences#content and look for the "Play DRM Content" checkbox. I don't think that option even exists on Linux installs (due to no EME support there yet), but can't verify at the moment as I'm currently on a Windows system at work.

      The one way Firefox is better is they've apparently designed it specifically to resist attempts to track or identify specific users through the DRM tools. And, again, they do provide a switch to disable it. But if you want a browser that just doesn't and won't support it at all you probably want to be looking at something like Pale Moon...

      • (Score: 2) by Magic Oddball on Tuesday September 19 2017, @08:04AM (1 child)

        by Magic Oddball (3847) on Tuesday September 19 2017, @08:04AM (#570108) Journal

        If you want to disable it on Firefox, head to about:preferences#content and look for the "Play DRM Content" checkbox. I don't think that option even exists on Linux installs (due to no EME support there yet)….

        Not sure about Firefox, but I'm running PCLinuxOS and see this in Pale Moon's preferences window under Content:
        |Video|
        - Enable Media Source Extensions (MSE)
        - Use MSE asynchronously
        - Enable MSE for MP4 video
        - Enable MSE for WebM video

        • (Score: 2) by urza9814 on Tuesday September 19 2017, @09:47PM

          by urza9814 (3954) on Tuesday September 19 2017, @09:47PM (#570379) Journal

          If you want to disable it on Firefox, head to about:preferences#content and look for the "Play DRM Content" checkbox. I don't think that option even exists on Linux installs (due to no EME support there yet)….

          Not sure about Firefox, but I'm running PCLinuxOS and see this in Pale Moon's preferences window under Content:
          |Video|
          - Enable Media Source Extensions (MSE)
          - Use MSE asynchronously
          - Enable MSE for MP4 video
          - Enable MSE for WebM video

          MSE is a completely different part of the standard. That's just for regular video streams, not for DRM content.

          MSE: https://www.w3.org/TR/media-source/ [w3.org]
          EME: https://www.w3.org/TR/encrypted-media/ [w3.org]

      • (Score: 2) by Magic Oddball on Tuesday September 19 2017, @08:09AM

        by Magic Oddball (3847) on Tuesday September 19 2017, @08:09AM (#570110) Journal

        Ignore my earlier comment — I just realized that I wasn't paying close enough attention and mixed up EME with MSE.

  • (Score: 1, Interesting) by Anonymous Coward on Tuesday September 19 2017, @02:24AM (5 children)

    by Anonymous Coward on Tuesday September 19 2017, @02:24AM (#570021)

    It's success in the marketplace will depend on several factors:
    1 - Browsers actively supporting it
    2 - Content providers encoding their video using it
    3 - Customers agreeing to consume it

    1. Who builds the browers? All those who have had "the call" or "the visit" and are compliant with the movie magic club's wishes.
    2. Content providers will be able to use it, use it, or go away and die.
    3. The average person using the brower or software does not know anything technical. The smartphone or laptop is a toaster, an appliance that came pre-loaded from the store with what the salesman said was the latest and best. The few that care or know (like you dear reader), don't count as the 99.96% plough straight on into the abyss.

    The internet, is over. But like the Hotel California, you can check-out but you can never leave. We are hooked to it whatever happens. And "they" know it.

    • (Score: 1, Interesting) by Anonymous Coward on Tuesday September 19 2017, @05:13AM (4 children)

      by Anonymous Coward on Tuesday September 19 2017, @05:13AM (#570077)

      The internet, is over.

      It.bloody.well.isn't.

      Firstly, the internet is more than the WWW, and the WWW is more than the shit indexed by Google and others.

      As to the WWW,

      The 'sanctioned' and 'sanitised' World Wide Web as indexed by Google et al and polluted by all those fine 'content providers' may be terminally borked / infested with suits'n'crooks, sure, that's a problem, and there's a lot more 'noise' than 'signal' in search returns nowadays, so if we want to work within the framework of the current system initially we go 'old school' and start putting back up maintained/curated pages of topic related links until we get a distributed search engine in place which works.

      Hell, why don't we improve the signal to noise ratio by going one step further, let's fork the WWW.

      Pick a new high port number as the standard, mandate encryption, initially keep the current server software unless things get 'blobby' there as well, pick a single browser codebase as standard, fork it, remove any 'cruft', modify it to point to the new high port number and/or recognise only a new URI along the lines of FUWWW://server:port and let's start over and use the new system if for information sharing only, no shopping, no entertainment 'services' etc. we use our normal browsers and the WWW for that.

      I'm sorry If I'm going to sound 'elitist' but I no longer really care if your average internet user never gets to use any current or future 'alternative' service born out of the current dissatisfaction with the way the WWW is going, they're happy, so let them keep Google etc.

      • (Score: 1, Interesting) by Anonymous Coward on Tuesday September 19 2017, @07:47AM (3 children)

        by Anonymous Coward on Tuesday September 19 2017, @07:47AM (#570100)

        mandate encryption

        So, you'd rather stuff Verisigns coffers than the MAFIAAs?

        Unless you propose to make DANE a requirement - the current EME supporting browsers refuse to support DANE, because that would mean we could encrypt without paying Verisign et. al.

        (And no, let's encrypt is not an answer unless they redesign their protocol, which has been deliberately designed to be as cumbersome as possible to ensure that anyone who wants a smooth experience still pays their Verisign tax).

        • (Score: 3, Touché) by TheRaven on Tuesday September 19 2017, @09:09AM (1 child)

          by TheRaven (270) on Tuesday September 19 2017, @09:09AM (#570123) Journal

          So, you'd rather stuff Verisigns coffers than the MAFIAAs?

          You know Verisign hasn't run a CA for about five years, right?

          --
          sudo mod me up
          • (Score: 2) by Pino P on Tuesday September 19 2017, @03:11PM

            by Pino P (4721) on Tuesday September 19 2017, @03:11PM (#570204) Journal

            Verisign doesn't run a CA, but it does run things that CAs check before issuing a certificate. Namely, it runs two root name servers and the authoritative registry for several top-level domains. This means it earns a cut with or without DANE.

            In order to get a TLS certificate trusted by browsers, you need to buy a domain and keep it renewed. This is because the CA/Browser Forum's Baseline Requirements specify that hostnames in the subjectAltName field refer to a fully-qualified domain name in the public name servers, not some reserved or made-up TLD such as .local (mDNS), .internal, or .test. DANE wouldn't help either, as even if browsers trusted the DNSSEC root zone signing key, they wouldn't trust the zone signing key associated with a made-up TLD. So anyone who wants to run HTTPS over a home LAN and have it trusted by non-technical visiting friends and family needs to first buy a domain.

        • (Score: 0) by Anonymous Coward on Tuesday September 19 2017, @09:35AM

          by Anonymous Coward on Tuesday September 19 2017, @09:35AM (#570126)

          So, you'd rather stuff Verisigns coffers than the MAFIAAs?

          FSM No!
          If people want to be fleeced royally for a 'chain of mistrust' certificate for encrypted traffic for commerce etc then they stick to the current web and browsers.

          Unless you propose to make DANE a requirement - the current EME supporting browsers refuse to support DANE

          What I'm thinking is we fork a browser codebase anyway, strip all the crap out of it, so DANE would be a solution, at least, short term.
          The point is, we fork..and end up with (crudely) what is now a commercial WWW and browsers capable of accessing that content, and a forked browser sans DRM etc capable of accessing a seperate non-commercial WWW..same protocol, same html, same server software, different port number. Yes it means running two browsers, but some of us already run more than that thanks to the way content on some sites borks depending on which browser you use. If, after this creation, there's a divergence between the way the commercially driven W3C web develops and the FTW3C web develops, then all the better.

          Of course, there is nothing we can do to stop them trying to pollute any new scheme with their crap, nature of the beast I'm afraid.

          (And no, let's encrypt is not an answer..)

          Tell me about it!, cumbersome isn't the word, don't think there is a word in the english language invested with enough invective to sum up my feelings about the process...

          As I've avoided any serious network related jiggery-pokery for a couple of decades now, I think I'll have a trawl through the current browser lists and codebases for inspiration.

  • (Score: 2) by Bot on Tuesday September 19 2017, @09:46AM

    by Bot (3902) on Tuesday September 19 2017, @09:46AM (#570132) Journal

    I agree with voting with your wallet. Only, I don't expect it to yield results. Finance ate economy. It is more like a political statement.

    --
    Account abandoned.