[173127] in North American Network Operators' Group


Re: Verizon Public Policy on Netflix

daemon@ATHENA.MIT.EDU (Owen DeLong)
Wed Jul 16 19:26:16 2014

X-Original-To: nanog@nanog.org
From: Owen DeLong <owen@delong.com>
In-Reply-To: <201407131954.NAA11092@mail.lariat.net>
Date: Wed, 16 Jul 2014 16:22:57 -0700
To: nanog@brettglass.com
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org

> However, if there is any concern about either a Netflix server OR an
> ISP's cache being used to obtain illicit copies of the video, the solution
> is simple. This is a trivial problem to solve. Send and store the streams in
> encrypted form, passing a decryption key to the user via a separate,
> secured channel such as an HTTPS session. Then, it is not possible to obtain
> usable copies of the content by stealing either a Netflix server OR an
> ISP-owned cache. Problem solved.

That works for individual sessions, but not for the cache scenario. Either everyone
gets the same key (which is equivalent to no key at all) or the cache has to be
able to participate in the encryption.

Beyond that small fly in the ointment, I believe Netflix's current model operates pretty
much as you suggest. However, their cache boxes have to participate actively in the
encryption in order to avoid providing the same decryption key to everyone for any
given show. I suspect (though I don't know) that encrypted content is loaded onto
the cache in a form encrypted with a key known to the software on the cache. That
each streaming request causes said content to be decrypted and immediately re-encrypted
with a user-specific key and/or session-specific key and then sent to the user.

Hence the requirement that the cache be on a box run by Netflix, and probably part of
the reason for the greater power requirements.

Owen
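
The two key-handling models discussed in this message, sketched as an added example (not part of the original post, and not Netflix's actual implementation): a cache that hands out one stored ciphertext to everyone versus a cache that decrypts and re-encrypts per session. The `Cache` class and `keystream_xor` helper are hypothetical names, and the HMAC-SHA256 keystream is a standard-library stand-in for a real cipher such as AES-GCM.

```python
import hashlib
import hmac
import secrets

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher: XOR data with HMAC-SHA256(key, nonce || offset).
    Illustration only; a real deployment would use an AEAD such as AES-GCM."""
    out = bytearray()
    for block in range(0, len(data), 32):
        pad = hmac.new(key, nonce + block.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[block:block + 32], pad))
    return bytes(out)

class Cache:
    """Hypothetical cache box holding content encrypted at rest under its own key."""

    def __init__(self, cache_key: bytes):
        self._cache_key = cache_key
        self._store = {}  # title -> (nonce, ciphertext)

    def load(self, title: str, plaintext: bytes) -> None:
        nonce = secrets.token_bytes(16)
        self._store[title] = (nonce, keystream_xor(self._cache_key, nonce, plaintext))

    def serve_shared_key(self, title: str):
        """Model A: hand out the stored ciphertext; every user needs the same key."""
        return self._store[title]

    def serve_per_session(self, title: str, session_key: bytes):
        """Model B: decrypt with the cache key, re-encrypt under the session key."""
        nonce, stored = self._store[title]
        plaintext = keystream_xor(self._cache_key, nonce, stored)
        session_nonce = secrets.token_bytes(16)
        return session_nonce, keystream_xor(session_key, session_nonce, plaintext)

def demo():
    content = b"constructed sample video segment " * 4  # constructed sample input
    cache = Cache(secrets.token_bytes(32))
    cache.load("show", content)
    alice_key, bob_key = secrets.token_bytes(32), secrets.token_bytes(32)
    a_nonce, a_ct = cache.serve_per_session("show", alice_key)
    b_nonce, b_ct = cache.serve_per_session("show", bob_key)
    return {
        "alice_reads_own": keystream_xor(alice_key, a_nonce, a_ct) == content,
        "alice_reads_bob": keystream_xor(alice_key, b_nonce, b_ct) == content,
        "streams_differ": a_ct != b_ct,
        "shared_copies_identical": cache.serve_shared_key("show") == cache.serve_shared_key("show"),
    }
```

In model B the cache must hold the at-rest key and do cipher work on every request, which is the trust and compute cost the message attributes to the cache box.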

