Part 6: Inband key rotation - Question regarding pssh

[dsilhavy]

Hi,
I just wanted to share a discussion we had in the dash.js group regarding inband key rotation. Please feel free to move this or close if not relevant.

• Disucssion link: Refactor protection and fix key rotation dash.js#3805

Description

Basically the question is if the pssh also changes once the key is rotated? For me this was not clearly stated in Section 9.3. The basic workflow of an EME based player is as follows:

1. Throw the segment into MSE buffer
2. An encrypted event is thrown by the EME. The encrypted event contains the DRM init data to generate a keymessage using session.generateRequest
3. From Section 9.3 I understand that the KID in moof/traf/sgpd changes when the key is rotated. This is not part of the DRM init data and would need to be parsed from the corresponding segment.

Problem statement

Based on the workflow described above: How would a client map the init data from the encrypted event to the KID in the moof/traf/sgpd? . How do I know exactly which encrypted event corresponds to which segment? Events can be delayed. In addition, audio and video segments are fetched and appended in parallel. How do I map the encrypted event to audio or video? For me step 3 below is unclear:

1. Throw the segment into MSE buffer
2. An encrypted event is thrown by the EME. The encrypted event contains the DRM init data to forward to the CDM to generate a keymessage using session.generateRequest
3. Check if the kid in moof/traf/sgpd has changed. The right media segment for the encrypted event has to be identified
4. If kid has changed create a new key session and issue a license request

Current dash.js implementation

Currently we rely on the pssh to change once the key is rotated. If the pssh changes we can simply compare the initdata to the initdata we saw previously. If this has changed we create a new key session and issue a license request.

[lpiron]

This is more an EME issue than a DASH-IF issue. The EME API, for my understanding, is not really made for supporting key rotation, this looks like a V2 feature, still to be delivered. There are some simple case (change of Period) that can be supported, but others seem difficult. See here, a bit old but it links to more recent threads by the end of the discussion. Maybe it would be good to understand where W3C stands for the EME V2, what would be the solution they are considering. No idea on my side, not a W3C member.
That been said, I would not recommend to use the pssh as an indication of key rotation as the content of the pssh is DRM specific. Doing so means that you trust that a change of the pssh means a change of the key ID, very likely but not 100% sure. The KID in the moof/traf/sgpd is indeed the only one that gives the information.

[dsilhavy]

@lpiron Thank you for the feedback I will try to check this. Feel free to close this issue since there is no concrete action item for the IOP document here.