[Matroska-devel] Compromise Encryption Proposal
ashwood at msn.com
Thu Dec 22 19:10:12 CET 2005
I think this compromise accomplishes the desires of both sides. I'm having
trouble locating the correct terminology, so I'm just going to go all the
way back to C-structs (Segment is in this case an example of a struct).
Keep the initializer proposal I made. With some changes though. In addition
to sitting alonog side Segment at the highest level, any struct can contain
them, effectively defining local variables. Local definitions supercede
those that are global to them. For duplicate definitions at the same level,
behavior is not defined.
Each struct contains a single, optional field called Transform (name can and
should be changed as needed). Transform is a 32-bit bitfield, defining the
(previously initialized) transform to be used. The inverse transform is free
to make any changes to the struct, so for example, it is free to change
timecodes. An inverse transform may return a single struct, multiple
structs, or no structs, each of which can be of any type, and may contain an
additional Transform requirement. The inverse transform SHOULD avoid
changing the information except where security trumps this requirement.
This allows the parser to perform look-ahead processing, as Paul desired,
but also allows the inverse transform to force non-malleability in cases
where it is warranted. 99+% of the time, the biggest change will be if the
transform results in multiple SimpleBlocks.
Is this a worthwhile compromise?
More information about the Matroska-devel