• Home
• Reviews
• News
• Downloads
• CNET TV

About me

My posting summary

1 to 1 of 1

My comments

• It does not sound like Kevin "debunked" the article.
  
  I think what Adobe is saying is that Reuters uncovered a security flaw in the Adobe/Amazon solution.
  
  I think they have also shown that RTMPE is not an adquete subsitute for a proper content secutity solution. Link level protocol scrambling is only part of the need. Also it has shown that RTMPE is a tool that is subject to human error and misconfiguration.
  
  Since Adobe states in thier documentation that RTMPE does not perform a key exchange, this means that the keys must either be embeded in the Adobe client or it is not really encryption but instead may be just obfuscation or mutation. None meet the robustness requirements for key management and key generation that are typcally found in the major motion picture security guidelines.
  
  In the digital media space where content passes through many hands and networks it is important to have perisitent encryption from the point of encoding to consumption. With persistent then any streaming, P2P or PDL server could be used.
  
  Additionally the Flash Player does not have protections post the decryption function which is why the newer tools (WM Capture) mentioned by Reuter's Update 1 seem to still be effective.
  
  It appears that Amazon/Adobe have only moved the attack points both up and downstream a little bit.
  
  I think a proper DRM is in order here to protect all the VOD distributers reveune streams.

  September 29, 2008

  0 replies