[EME] Removed FAQ.
authorDavid Dorwin <ddorwin@google.com>
Mon, 06 May 2013 17:27:08 -0700
changeset 117 60cca843f269
parent 116 41f749af979d
child 118 f22443e178f2
[EME] Removed FAQ.
encrypted-media/encrypted-media.html
encrypted-media/encrypted-media.xml
--- a/encrypted-media/encrypted-media.html	Mon May 06 17:04:40 2013 -0700
+++ b/encrypted-media/encrypted-media.html	Mon May 06 17:27:08 2013 -0700
@@ -161,15 +161,7 @@
           <li><a href="#iso">7.2. ISO Base Media File Format</a></li>
         </ul></li>
       <li><a href="#examples">8. Examples</a></li>
-      <li><a href="#faq">9. FAQ</a></li>
-        <li><ul style="list-style-type:none">
-          <li><a href="#faq-use-cases">9.1. Use Cases</a></li>
-          <li><a href="#faq-use">9.2. Use</a></li>
-          <li><a href="#faq-api">9.3. API</a></li>
-          <li><a href="#faq-source">9.4. Source, Containers, and Streams</a></li>
-          <li><a href="#faq-protection">9.5. Content and Key Protection</a></li>
-        </ul></li>
-      <li><a href="#revision-history">10. Revision History</a></li>
+      <li><a href="#revision-history">9. Revision History</a></li>
     </ul>
 
 
@@ -1291,168 +1283,7 @@
     </div>
 
 
-    <h2 id="faq">9. FAQ</h2>
-    <p><i>This section and its subsections are non-normative.</i></p>
-
-    <h3 id="faq-use-cases">9.1. Use Cases</h3>
-
-    <h4 id="faq-what-use-cases" class="faqquestion">What use cases does this support?</h4>
-    <p class="faqanswer">Everything from user-generated content to be shared with family (user is not an adversary) to online radio to feature-length movies.</p>
-
-    <h4 id="faq-adaptive-streaming" class="faqquestion">Is this proposal compatible with adaptive streaming?</h4>
-    <p class="faqanswer">Yes, this proposal is compatible with both "Type 1" and "Type 3" <a href="http://www.w3.org/2011/webtv/wiki/MPTF/HTML_adaptive_calls">adaptive streaming modes</a> as defined by the <a href="http://www.w3.org/2011/webtv/">W3C Web &amp; TV Interest Group</a>.</p>
-    <ul>
-      <li>If adaptive streaming is handled within the user agent (Type 1), the adaptive implementation can expose the events and methods needed to provide key(s) for the streams via the APIs in this proposal.</li>
-      <li>If adaptive streaming is handled in the application/JavaScript (Type 3), behavior should be very similar to the non-adaptive case.
-      For example, the <a href="http://dvcs.w3.org/hg/html-media/raw-file/tip/media-source/media-source.html">Media Source Extensions</a> allow the application to provide a dynamic <code>src</code>, which could be encrypted and handled just like a normal stream.
-      </li>
-    </ul>
-
-    <h4 id="faq-key-rotation" class="faqquestion">Is key rotation supported?</h4>
-    <p class="faqanswer">Yes.</p>
-
-    <h4 id="sourceelement" class="faqquestion">Can I let the user agent select the appropriate CDM using <code>&lt;source&gt;</code> elements?</h4>
-    <p class="faqanswer">Yes, using the <code><a href="#dom-sourcekeysystem">keySystem</a></code> attribute of the <code><a href="#dom-htmlsourceelement">HTMLSourceElement</a></code>.
-    When used with <code><a href="http://www.w3.org/TR/html5/embedded-content-0.html#attr-source-type">type</a></code> attribute, this will select the first <code>&lt;source&gt;</code> element (container, codec, and <a href="#key-system">Key System</a>) that the user agent might support.
-    </p>
-
-    <h4 id="faq-heartbeat" class="faqquestion">Is a heartbeat supported?</h4>
-    <p class="faqanswer">Yes.</p>
-    <p class="faqanswer">Heartbeat is a mode of operation where the <a href="#cdm">Content Decryption Module</a> requires to receive an explicit heartbeat message from its server on a regular basis, otherwise decryption is blocked.
-    This enables use-cases requiring strict online control of access to the content.
-    Heartbeat must be supported by the CDM and is implemented in this model by supplying an expiration time or valid duration in the license provided to the CDM.
-    Before expiry of this license, the CDM must trigger a new message exchange to obtain an updated license.
-    </p>
-
-    <h3 id="faq-use">9.2. Use</h3>
-
-    <h4 id="faq-send-a-token" class="faqquestion">Can I send a token for the signed-in user with the license request?</h4>
-    <p class="faqanswer">Yes. The application can add this to the license request (sent via <code>XMLHttpRequest</code> in the <a href="#examples">examples</a>) or send it to the <a href="#cdm">CDM</a> via <code><a href="#dom-createsession">createSession()</a></code> to be included in the license request.</p>
-
-    <h4 id="faq-resume-playback" class="faqquestion">How do I resume playback after receiving the <code><a href="#dom-needkey">needkey</a></code> event in the <a href="#algorithms-enrypted-block">Encrypted Block Encountered algorithm</a>?</h4>
-    <p class="faqanswer">Assuming there are no other issues, playback will resume when the needed key is provided by <code><a href="#dom-update">update()</a></code> and processed.</p>
-
-    <h4 id="faq-multiple-cdms" class="faqquestion">Can an application use multiple content protection providers / Key Systems?</h4>
-    <p class="faqanswer">Yes, this will likely be necessary to support all or a majority of user agents.
-    An application could also use different <a href="#key-system">Key Systems</a> on a single user agent for different purposes.</p>
-
-    <h4 id="faq-multiple-key-systems" class="faqquestion">Can an <code><a href="#dom-htmlmediaelement">HTMLMediaElement</a></code> use multiple <a href="#key-system">Key System</a>s at the same time?</h4>
-    <p class="faqanswer">No.</p>
-
-    <h4 id="faq-add-cdm" class="faqquestion">How do I add support for a CDM to my application?</h4>
-    <p id="faq-cdm-library" class="faqanswer">We envision <a href="#cdm">CDM</a> providers creating JavaScript libraries that application developers can include. <code><a href="#dom-istypesupported">isTypeSupported()</a></code> can then be used to select from supported libraries.</p>
-
-    <h4 id="faq-provider-capabilities" class="faqquestion">How do I determine if the UA supports specific capabilities for a given provider?</h4>
-    <p class="faqanswer">This is vendor-/<a href="#key-system">Key System</a>-specific.</p>
-    <p class="faqanswer">Obtaining this information could take time and is open-ended, so it is not appropriate for <code><a href="#dom-istypesupported">isTypeSupported()</a></code>.
-    There is also no way for <code><a href="#dom-istypesupported">isTypeSupported()</a></code> to attest to capabilities anyway.
-    </p>
-
-    <h4 id="faq-license-url" class="faqquestion">What is a license URL (<code>licenseUrl</code>) in the examples?</h4>
-    <p class="faqanswer">This is the URL for a server capable of providing the key for the stream, usually using the <a href="#initialization-data">Initialization Data</a> and often after verifying the requesting user.
-    The URL is application- and/or <a href="#key-system">Key System</a>-specific and may be a content provider or a Key System provider depending on the solution.</p>
-
-    <h4 id="faq-too-complex" class="faqquestion">This is too complex and hard to use.</h4>
-    <p class="faqanswer">That's not a question, but we'll try to address it anyway.
-    As shown in the <a href="#examples">examples</a>, the basic use cases are reasonably simple and only require a little setup to get the key and provide it to the user agent.
-    We believe most small content sites can add basic protection to their applications with minimal efforts.</p>
-    <p class="faqanswer">The more complex cases, such as fast time to first frame and various license management algorithms, require more complex code, but professional-strength content protection is complex and that is to be expected.
-    Professional-strength content protection requires server components and working with one or more content protection vendors, so this isn't really any more complex.
-    In fact, if you implement a few solutions, it will work on any browser-based platform, avoiding the need for per-platform solutions on both the server and client.
-    The fixed set of interfaces may even lead to more consistent patterns and behavior across various solutions.
-    It is generally the large content providers that have more complex requirements, and we believe they will have the appropriate resources to implement applications that meet their requirements.
-    </p>
-    <p class="faqanswer">Providers of <a href="#cdm">content decryption modules</a> will need to provide detailed specifications for actions and events to guide content providers in designing the algorithms in their applications.
-    They can also provide a <a href="#faq-cdm-library">JavaScript libraries</a> for their solution that can be integrated into any application.
-    An application would then basically select a solution and delegate a lot of the work to the appropriate library.</p>
-
-    <h3 id="faq-api">9.3. API</h3>
-
-    <h4 id="faq-decrypt-algm" class="faqquestion">How is the decryption algorithm specified?</h4>
-    <p class="faqanswer">This is container specific. A container may standardize on a specific algorithm (i.e. AES-128) and/or allow it to be specified. The user agent must know and/or detect the appropriate algorithm to use with the key provided by this API.</p>
-
-    <h4 id="faq-advantage-key-exchange" class="faqquestion">What are the advantages of doing license/key exchange in the application?</h4>
-    <p class="faqanswer">Advantages include:</p>
-    <ul>
-      <li>
-<a href="#simple-decryption">Simple Decryption</a> works in the same way as more advanced solutions and without additional APIs.</li>
-      <li>The user agent is not responsible for deciding which decryption mechanism to use.</li>
-      <li>The application has full control (i.e. of deciding what streams to offer) and does not need to rely on errors from (or a detailed API to) the <a href="#cdm">CDM</a>.</li>
-      <li>The application can manage its own license protocol, authentication refresh, key rotation etc. without relying on changes to or specific use cases being implemented in each user agent's CDM (as long as the appropriate primitives are available in the CDM).</li>
-      <li>Error handling can be tailored to the application without needing to expose status information and failure conditions from the CDM through the API.</li>
-      <li>The content provider can decide whether and what to proxy to the (potentially third-party) license server without client modifications.</li>
-      <li>Reduces the complexity and size of the CDM.</li>
-    </ul>
-
-    <h4 id="faq-key-system-mime-type" class="faqquestion">Why isn't the <a href="#key-system">Key System</a> part of the MIME type (like codecs)?</h4>
-    <p class="faqanswer">In many cases (especially the direction the content providers and standards are moving), the stream is not specific to any one Key System or provider. Multiple Key Systems could be used to decrypt the same generic stream. Thus, the <a href="#key-system">Key System</a> is not information about the file and should not be part of the MIME type.</p>
-    <p class="faqanswer">One could argue that the encryption algorithm (e.g. AES-128) and configuration should be in the MIME type. That is not required for this proposal, so it is not addressed here.</p>
-
-    <h4 id="faq-why-additional-events" class="faqquestion">Why do we need additional events?</h4>
-    <p class="faqanswer">While many use case could be implemented without an additional event (by requiring the app to provide all the information up front), some use cases may be better handled by an event.</p>
-
-    <h4 id="faq-why-new-error-code" class="faqquestion">Why do we need a new <code><a href="#dom-mediaerror">MediaError</a></code> code?</h4>
-    <p class="faqanswer">Without a new error code (<code><a href="#dom-media_err_encrypted">MEDIA_ERR_ENCRYPTED</a></code>), it is not possible for user agents to clearly indicate to an application that playback failed because the content was encrypted and user agents will likely need to fire a <code>MEDIA_ERR_DECODE</code> or <code>MEDIA_ERR_SRC_NOT_SUPPORTED</code>, which would be confusing.</p>
-
-    <h4 id="faq-error-break-apps" class="faqquestion">Will adding a new error code to <code><a href="#dom-mediaerror">MediaError</a></code> break existing applications?</h4>
-    <p class="faqanswer">Applications that are not aware of the new error code (<code><a href="#dom-media_err_encrypted">MEDIA_ERR_ENCRYPTED</a></code>) may not correctly handle it, but they should still be able to detect that an error has occurred because a) an error event is fired and b) <var title="">media</var>. <code title="dom-media-error"><code><a href="http://www.w3.org/TR/html5/embedded-content-0.html#mediaerror">error</a></code></code> is not null.</p>
-
-    <h4 id="faq-response-needkey" class="faqquestion">What happens if a response to the <code><a href="#dom-needkey">needkey</a></code> event from the <a href="#algorithms-encrypted-stream">First Time a Key Reference is Encountered</a> is not received before <a href="#algorithms-enrypted-block">encountering an encrypted block</a>?</h4>
-    <p class="faqanswer">The <a href="#algorithms-enrypted-block">Encrypted Block Encountered algorithm</a> will proceed as normal.</p>
-
-    <h4 id="faq-same-initdata-update" class="faqquestion">What if a key/license for the same key ID is provided more than once to <code><a href="#dom-update">update()</a></code>?</h4>
-    <p class="faqanswer">The CDM will replace previous entries, updating the overall key ordering to reflect that this key ID was most recently added.
-    In other words, simply replacing the existing key data is not sufficient.
-    The exact algorithm is covered in <code><a href="#dom-update">update()</a></code>.
-    </p>
-
-    <h3 id="faq-source">9.4. Source, Containers, and Streams</h3>
-
-    <h4 id="faq-container-codec-support" class="faqquestion">What containers and codecs are supported?</h4>
-    <p class="faqanswer">Containers and codecs are not specified. A user agent may support decryption of whichever container and codec combination(s) it wishes.</p>
-    <p class="faqanswer">If a user agent support decryption of a container/codec combination (as reported by <code><a href="#dom-istypesupported">isTypeSupported()</a></code>), it must also support <a href="#simple-decryption">Simple Decryption</a> of that combination.</p>
-
-    <h4 id="faq-container-code-indicate" class="faqquestion">What if a container/codec does not support indicating the stream or a frame/block is encrypted?</h4>
-    <p class="faqanswer">The application must use <code><a href="#dom-update">update()</a></code> to indicate the stream is encrypted and provide the key before decoding starts.</p>
-
-    <h4 id="faq-must-init-data" class="faqquestion">Must the container provide Initialization Data or a content key ID?</h4>
-    <p class="faqanswer">Yes.</p>
-
-    <h4 id="faq-adaptive-streaming-multiple-keys" class="faqquestion">Can I use different keys for each stream (<a href="#faq-adaptive-streaming">adaptive streaming</a>)?</h4>
-    <p class="faqanswer">Yes, though you may want to consider the complexity and performance drawbacks. For the best user experience, you will want to provide keys for the streams to the user agent before the switch.</p>
-
-    <h4 id="faq-elements-encrypted" class="faqquestion">What elements of the source are encrypted?</h4>
-    <p class="faqanswer">This depends on the container/codec being used. This proposal should support all cases, including entirely encrypted streams, individual frames encrypted separately, groups of frames encrypted, and portions of frames encrypted.
-    If not all blocks or frames are encrypted, the user agent should be able to easily detect this, either based on an indication in the container or the block/frame.</p>
-
-    <h4 id="faq-all-blocks-encrypted" class="faqquestion">Must all blocks/frames in a stream be encrypted?</h4>
-    <p class="faqanswer">No, subject to container/codec limitations.</p>
-
-    <h4 id="faq-ciphers-parameters" class="faqquestion">What cipher and parameters should be used for decryption?</h4>
-    <p class="faqanswer">The cipher and parameters should be implicit in or specified by the container. If some are optional, the application must know what is supported by the <a href="#cdm">CDM</a>.</p>
-
-    <h4 id="faq-simple-decryption" class="faqquestion">What cipher and parameters should be used for <a href="#simple-decryption">Simple Decryption</a>? Which must the user agent support?</h4>
-    <p class="faqanswer">As in the above question, these are either implicit in or specified by the container. User agents must support any default or baseline ciphers and parameters in the container specification. Practically, user agents should support all ciphers and parameters commonly used with the container.</p>
-
-    <h3 id="faq-protection">9.5. Content and Key Protection</h3>
-
-    <h4 id="faq-ensure-protected" class="faqquestion">Can I ensure the content key is protected without working with a content protection provider?</h4>
-    <p class="faqanswer">No. Protecting the content key would require that the browser's media stack have some secret that cannot easily be obtained. This is the type of thing DRM solutions provide. Establishing a standard mechanism to support this is beyond the scope of HTML5 standards and should be deferred to specific user agent solutions. In addition, it is not something that fully open source browsers could natively support.</p>
-    <p class="faqanswer">Content protected using this proposal without a content protection provider is still more secure and a higher barrier than providing an unencrypted file over HTTP or HTTPS. We would also argue that it is no less secure than encrypted HLS. For long streams, <a href="#faq-key-rotation">key rotation</a> can provide additional protection.</p>
-    <p class="faqanswer">It is also possible to extend the proposed specification in the future to support a more robust basic case <strong>without changing the API</strong>.</p>
-
-    <h4 id="faq-multiple-cdm-support" class="faqquestion">Can a user agent support multiple content protection providers?</h4>
-    <p class="faqanswer">Yes. The application will query the user agent's capabilities and select the <a href="#key-system">Key System</a> to use.</p>
-
-    <h4 id="faq-protect-compressed" class="faqquestion">Can a user agent protect the compressed content?</h4>
-    <p class="faqanswer">Yes, this proposal naturally supports such protection.</p>
-
-    <h4 id="faq-protect-rendering" class="faqquestion">Can a user agent protect the rendering path or protect the uncompressed content after decoding?</h4>
-    <p class="faqanswer">Yes, a user agent could use platform-specific capabilities to protect the rendering path.
-    </p>
-
-
-    <h2 id="revision-history">10. Revision History</h2>
+    <h2 id="revision-history">9. Revision History</h2>
     <table>
       <thead>
         <tr>
--- a/encrypted-media/encrypted-media.xml	Mon May 06 17:04:40 2013 -0700
+++ b/encrypted-media/encrypted-media.xml	Mon May 06 17:27:08 2013 -0700
@@ -158,15 +158,7 @@
           <li><a href="#iso">7.2. ISO Base Media File Format</a></li>
         </ul></li>
       <li><a href="#examples">8. Examples</a></li>
-      <li><a href="#faq">9. FAQ</a></li>
-        <li><ul style="list-style-type:none">
-          <li><a href="#faq-use-cases">9.1. Use Cases</a></li>
-          <li><a href="#faq-use">9.2. Use</a></li>
-          <li><a href="#faq-api">9.3. API</a></li>
-          <li><a href="#faq-source">9.4. Source, Containers, and Streams</a></li>
-          <li><a href="#faq-protection">9.5. Content and Key Protection</a></li>
-        </ul></li>
-      <li><a href="#revision-history">10. Revision History</a></li>
+      <li><a href="#revision-history">9. Revision History</a></li>
     </ul>
 
 
@@ -1235,167 +1227,7 @@
     </div>
 
 
-    <h2 id="faq">9. FAQ</h2>
-    <non-normative-sections/>
-
-    <h3 id="faq-use-cases">9.1. Use Cases</h3>
-
-    <h4 id="faq-what-use-cases" class="faqquestion">What use cases does this support?</h4>
-    <p class="faqanswer">Everything from user-generated content to be shared with family (user is not an adversary) to online radio to feature-length movies.</p>
-
-    <h4 id="faq-adaptive-streaming" class="faqquestion">Is this proposal compatible with adaptive streaming?</h4>
-    <p class="faqanswer">Yes, this proposal is compatible with both "Type 1" and "Type 3" <a href="http://www.w3.org/2011/webtv/wiki/MPTF/HTML_adaptive_calls">adaptive streaming modes</a> as defined by the <a href="http://www.w3.org/2011/webtv/">W3C Web &amp; TV Interest Group</a>.</p>
-    <ul>
-      <li>If adaptive streaming is handled within the user agent (Type 1), the adaptive implementation can expose the events and methods needed to provide key(s) for the streams via the APIs in this proposal.</li>
-      <li>If adaptive streaming is handled in the application/JavaScript (Type 3), behavior should be very similar to the non-adaptive case.
-      For example, the <a href="http://dvcs.w3.org/hg/html-media/raw-file/tip/media-source/media-source.html">Media Source Extensions</a> allow the application to provide a dynamic <code>src</code>, which could be encrypted and handled just like a normal stream.
-      </li>
-    </ul>
-
-    <h4 id="faq-key-rotation" class="faqquestion">Is key rotation supported?</h4>
-    <p class="faqanswer">Yes.</p>
-
-    <h4 id="sourceelement" class="faqquestion">Can I let the user agent select the appropriate CDM using <code>&lt;source&gt;</code> elements?</h4>
-    <p class="faqanswer">Yes, using the <coderef prefix="source">keySystem</coderef> attribute of the <coderef>HTMLSourceElement</coderef>.
-    When used with <videoref name="attr-source-type">type</videoref> attribute, this will select the first <code>&lt;source&gt;</code> element (container, codec, and <a href="#key-system">Key System</a>) that the user agent might support.
-    </p>
-
-    <h4 id="faq-heartbeat" class="faqquestion">Is a heartbeat supported?</h4>
-    <p class="faqanswer">Yes.</p>
-    <p class="faqanswer">Heartbeat is a mode of operation where the <a href="#cdm">Content Decryption Module</a> requires to receive an explicit heartbeat message from its server on a regular basis, otherwise decryption is blocked.
-    This enables use-cases requiring strict online control of access to the content.
-    Heartbeat must be supported by the CDM and is implemented in this model by supplying an expiration time or valid duration in the license provided to the CDM.
-    Before expiry of this license, the CDM must trigger a new message exchange to obtain an updated license.
-    </p>
-
-    <h3 id="faq-use">9.2. Use</h3>
-
-    <h4 id="faq-send-a-token" class="faqquestion">Can I send a token for the signed-in user with the license request?</h4>
-    <p class="faqanswer">Yes. The application can add this to the license request (sent via <code>XMLHttpRequest</code> in the <a href="#examples">examples</a>) or send it to the <a href="#cdm">CDM</a> via <methodref>createSession</methodref> to be included in the license request.</p>
-
-    <h4 id="faq-resume-playback" class="faqquestion">How do I resume playback after receiving the <coderef>needkey</coderef> event in the <a href="#algorithms-enrypted-block">Encrypted Block Encountered algorithm</a>?</h4>
-    <p class="faqanswer">Assuming there are no other issues, playback will resume when the needed key is provided by <methodref>update</methodref> and processed.</p>
-
-    <h4 id="faq-multiple-cdms" class="faqquestion">Can an application use multiple content protection providers / Key Systems?</h4>
-    <p class="faqanswer">Yes, this will likely be necessary to support all or a majority of user agents.
-    An application could also use different <a href="#key-system">Key Systems</a> on a single user agent for different purposes.</p>
-
-    <h4 id="faq-multiple-key-systems" class="faqquestion">Can an <coderef>HTMLMediaElement</coderef> use multiple <a href="#key-system">Key System</a>s at the same time?</h4>
-    <p class="faqanswer">No.</p>
-
-    <h4 id="faq-add-cdm" class="faqquestion">How do I add support for a CDM to my application?</h4>
-    <p id="faq-cdm-library" class="faqanswer">We envision <a href="#cdm">CDM</a> providers creating JavaScript libraries that application developers can include. <methodref>isTypeSupported</methodref> can then be used to select from supported libraries.</p>
-
-    <h4 id="faq-provider-capabilities" class="faqquestion">How do I determine if the UA supports specific capabilities for a given provider?</h4>
-    <p class="faqanswer">This is vendor-/<a href="#key-system">Key System</a>-specific.</p>
-    <p class="faqanswer">Obtaining this information could take time and is open-ended, so it is not appropriate for <methodref>isTypeSupported</methodref>.
-    There is also no way for <methodref>isTypeSupported</methodref> to attest to capabilities anyway.
-    </p>
-
-    <h4 id="faq-license-url" class="faqquestion">What is a license URL (<code>licenseUrl</code>) in the examples?</h4>
-    <p class="faqanswer">This is the URL for a server capable of providing the key for the stream, usually using the <a href="#initialization-data">Initialization Data</a> and often after verifying the requesting user.
-    The URL is application- and/or <a href="#key-system">Key System</a>-specific and may be a content provider or a Key System provider depending on the solution.</p>
-
-    <h4 id="faq-too-complex" class="faqquestion">This is too complex and hard to use.</h4>
-    <p class="faqanswer">That's not a question, but we'll try to address it anyway.
-    As shown in the <a href="#examples">examples</a>, the basic use cases are reasonably simple and only require a little setup to get the key and provide it to the user agent.
-    We believe most small content sites can add basic protection to their applications with minimal efforts.</p>
-    <p class="faqanswer">The more complex cases, such as fast time to first frame and various license management algorithms, require more complex code, but professional-strength content protection is complex and that is to be expected.
-    Professional-strength content protection requires server components and working with one or more content protection vendors, so this isn't really any more complex.
-    In fact, if you implement a few solutions, it will work on any browser-based platform, avoiding the need for per-platform solutions on both the server and client.
-    The fixed set of interfaces may even lead to more consistent patterns and behavior across various solutions.
-    It is generally the large content providers that have more complex requirements, and we believe they will have the appropriate resources to implement applications that meet their requirements.
-    </p>
-    <p class="faqanswer">Providers of <a href="#cdm">content decryption modules</a> will need to provide detailed specifications for actions and events to guide content providers in designing the algorithms in their applications.
-    They can also provide a <a href="#faq-cdm-library">JavaScript libraries</a> for their solution that can be integrated into any application.
-    An application would then basically select a solution and delegate a lot of the work to the appropriate library.</p>
-
-    <h3 id="faq-api">9.3. API</h3>
-
-    <h4 id="faq-decrypt-algm" class="faqquestion">How is the decryption algorithm specified?</h4>
-    <p class="faqanswer">This is container specific. A container may standardize on a specific algorithm (i.e. AES-128) and/or allow it to be specified. The user agent must know and/or detect the appropriate algorithm to use with the key provided by this API.</p>
-
-    <h4 id="faq-advantage-key-exchange" class="faqquestion">What are the advantages of doing license/key exchange in the application?</h4>
-    <p class="faqanswer">Advantages include:</p>
-    <ul>
-      <li><a href="#simple-decryption">Simple Decryption</a> works in the same way as more advanced solutions and without additional APIs.</li>
-      <li>The user agent is not responsible for deciding which decryption mechanism to use.</li>
-      <li>The application has full control (i.e. of deciding what streams to offer) and does not need to rely on errors from (or a detailed API to) the <a href="#cdm">CDM</a>.</li>
-      <li>The application can manage its own license protocol, authentication refresh, key rotation etc. without relying on changes to or specific use cases being implemented in each user agent's CDM (as long as the appropriate primitives are available in the CDM).</li>
-      <li>Error handling can be tailored to the application without needing to expose status information and failure conditions from the CDM through the API.</li>
-      <li>The content provider can decide whether and what to proxy to the (potentially third-party) license server without client modifications.</li>
-      <li>Reduces the complexity and size of the CDM.</li>
-    </ul>
-
-    <h4 id="faq-key-system-mime-type" class="faqquestion">Why isn't the <a href="#key-system">Key System</a> part of the MIME type (like codecs)?</h4>
-    <p class="faqanswer">In many cases (especially the direction the content providers and standards are moving), the stream is not specific to any one Key System or provider. Multiple Key Systems could be used to decrypt the same generic stream. Thus, the <a href="#key-system">Key System</a> is not information about the file and should not be part of the MIME type.</p>
-    <p class="faqanswer">One could argue that the encryption algorithm (e.g. AES-128) and configuration should be in the MIME type. That is not required for this proposal, so it is not addressed here.</p>
-
-    <h4 id="faq-why-additional-events" class="faqquestion">Why do we need additional events?</h4>
-    <p class="faqanswer">While many use case could be implemented without an additional event (by requiring the app to provide all the information up front), some use cases may be better handled by an event.</p>
-
-    <h4 id="faq-why-new-error-code" class="faqquestion">Why do we need a new <coderef>MediaError</coderef> code?</h4>
-    <p class="faqanswer">Without a new error code (<coderef>MEDIA_ERR_ENCRYPTED</coderef>), it is not possible for user agents to clearly indicate to an application that playback failed because the content was encrypted and user agents will likely need to fire a <code>MEDIA_ERR_DECODE</code> or <code>MEDIA_ERR_SRC_NOT_SUPPORTED</code>, which would be confusing.</p>
-
-    <h4 id="faq-error-break-apps" class="faqquestion">Will adding a new error code to <coderef>MediaError</coderef> break existing applications?</h4>
-    <p class="faqanswer">Applications that are not aware of the new error code (<coderef>MEDIA_ERR_ENCRYPTED</coderef>) may not correctly handle it, but they should still be able to detect that an error has occurred because a) an error event is fired and b) <var title="">media</var>. <code title="dom-media-error"><videoref name="mediaerror">error</videoref></code> is not null.</p>
-
-    <h4 id="faq-response-needkey" class="faqquestion">What happens if a response to the <coderef>needkey</coderef> event from the <a href="#algorithms-encrypted-stream">First Time a Key Reference is Encountered</a> is not received before <a href="#algorithms-enrypted-block">encountering an encrypted block</a>?</h4>
-    <p class="faqanswer">The <a href="#algorithms-enrypted-block">Encrypted Block Encountered algorithm</a> will proceed as normal.</p>
-
-    <h4 id="faq-same-initdata-update" class="faqquestion">What if a key/license for the same key ID is provided more than once to <methodref>update</methodref>?</h4>
-    <p class="faqanswer">The CDM will replace previous entries, updating the overall key ordering to reflect that this key ID was most recently added.
-    In other words, simply replacing the existing key data is not sufficient.
-    The exact algorithm is covered in <methodref>update</methodref>.
-    </p>
-
-    <h3 id="faq-source">9.4. Source, Containers, and Streams</h3>
-
-    <h4 id="faq-container-codec-support" class="faqquestion">What containers and codecs are supported?</h4>
-    <p class="faqanswer">Containers and codecs are not specified. A user agent may support decryption of whichever container and codec combination(s) it wishes.</p>
-    <p class="faqanswer">If a user agent support decryption of a container/codec combination (as reported by <methodref>isTypeSupported</methodref>), it must also support <a href="#simple-decryption">Simple Decryption</a> of that combination.</p>
-
-    <h4 id="faq-container-code-indicate" class="faqquestion">What if a container/codec does not support indicating the stream or a frame/block is encrypted?</h4>
-    <p class="faqanswer">The application must use <methodref>update</methodref> to indicate the stream is encrypted and provide the key before decoding starts.</p>
-
-    <h4 id="faq-must-init-data" class="faqquestion">Must the container provide Initialization Data or a content key ID?</h4>
-    <p class="faqanswer">Yes.</p>
-
-    <h4 id="faq-adaptive-streaming-multiple-keys" class="faqquestion">Can I use different keys for each stream (<a href="#faq-adaptive-streaming">adaptive streaming</a>)?</h4>
-    <p class="faqanswer">Yes, though you may want to consider the complexity and performance drawbacks. For the best user experience, you will want to provide keys for the streams to the user agent before the switch.</p>
-
-    <h4 id="faq-elements-encrypted" class="faqquestion">What elements of the source are encrypted?</h4>
-    <p class="faqanswer">This depends on the container/codec being used. This proposal should support all cases, including entirely encrypted streams, individual frames encrypted separately, groups of frames encrypted, and portions of frames encrypted.
-    If not all blocks or frames are encrypted, the user agent should be able to easily detect this, either based on an indication in the container or the block/frame.</p>
-
-    <h4 id="faq-all-blocks-encrypted" class="faqquestion">Must all blocks/frames in a stream be encrypted?</h4>
-    <p class="faqanswer">No, subject to container/codec limitations.</p>
-
-    <h4 id="faq-ciphers-parameters" class="faqquestion">What cipher and parameters should be used for decryption?</h4>
-    <p class="faqanswer">The cipher and parameters should be implicit in or specified by the container. If some are optional, the application must know what is supported by the <a href="#cdm">CDM</a>.</p>
-
-    <h4 id="faq-simple-decryption" class="faqquestion">What cipher and parameters should be used for <a href="#simple-decryption">Simple Decryption</a>? Which must the user agent support?</h4>
-    <p class="faqanswer">As in the above question, these are either implicit in or specified by the container. User agents must support any default or baseline ciphers and parameters in the container specification. Practically, user agents should support all ciphers and parameters commonly used with the container.</p>
-
-    <h3 id="faq-protection">9.5. Content and Key Protection</h3>
-
-    <h4 id="faq-ensure-protected" class="faqquestion">Can I ensure the content key is protected without working with a content protection provider?</h4>
-    <p class="faqanswer">No. Protecting the content key would require that the browser's media stack have some secret that cannot easily be obtained. This is the type of thing DRM solutions provide. Establishing a standard mechanism to support this is beyond the scope of HTML5 standards and should be deferred to specific user agent solutions. In addition, it is not something that fully open source browsers could natively support.</p>
-    <p class="faqanswer">Content protected using this proposal without a content protection provider is still more secure and a higher barrier than providing an unencrypted file over HTTP or HTTPS. We would also argue that it is no less secure than encrypted HLS. For long streams, <a href="#faq-key-rotation">key rotation</a> can provide additional protection.</p>
-    <p class="faqanswer">It is also possible to extend the proposed specification in the future to support a more robust basic case <strong>without changing the API</strong>.</p>
-
-    <h4 id="faq-multiple-cdm-support" class="faqquestion">Can a user agent support multiple content protection providers?</h4>
-    <p class="faqanswer">Yes. The application will query the user agent's capabilities and select the <a href="#key-system">Key System</a> to use.</p>
-
-    <h4 id="faq-protect-compressed" class="faqquestion">Can a user agent protect the compressed content?</h4>
-    <p class="faqanswer">Yes, this proposal naturally supports such protection.</p>
-
-    <h4 id="faq-protect-rendering" class="faqquestion">Can a user agent protect the rendering path or protect the uncompressed content after decoding?</h4>
-    <p class="faqanswer">Yes, a user agent could use platform-specific capabilities to protect the rendering path.
-    </p>
-
-
-    <h2 id="revision-history">10. Revision History</h2>
+    <h2 id="revision-history">9. Revision History</h2>
     <table>
       <thead>
         <tr>