IETF Logo Mail Archive

Re: [rtcweb] Cisco to open source its H.264 implementation and absorb MPEG-LA licensing fees

Cullen Jennings <fluffy@iii.ca> Fri, 13 December 2013 00:59 UTC

Return-Path: <fluffy@iii.ca>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 73B5A1AE59B for <rtcweb@ietfa.amsl.com>; Thu, 12 Dec 2013 16:59:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z62k2finBkRA for <rtcweb@ietfa.amsl.com>; Thu, 12 Dec 2013 16:59:03 -0800 (PST)
Received: from mxout-08.mxes.net (mxout-08.mxes.net [216.86.168.183]) by ietfa.amsl.com (Postfix) with ESMTP id C94AD1AE591 for <rtcweb@ietf.org>; Thu, 12 Dec 2013 16:59:03 -0800 (PST)
Received: from [192.168.4.100] (unknown [128.107.239.234]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by smtp.mxes.net (Postfix) with ESMTPSA id 0A468509B8; Thu, 12 Dec 2013 19:58:56 -0500 (EST)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\))
From: Cullen Jennings <fluffy@iii.ca>
In-Reply-To: <20131212234430.GT3245@audi.shelbyville.oz>
Date: Thu, 12 Dec 2013 17:58:55 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <28230E1E-A834-4C49-AC46-DBCC9818CEF5@iii.ca>
References: <186CE8D65BA3A741A81A543F936DD0D10A5803D8@xmb-rcd-x07.cisco.com> <A672E2AB-827D-46E8-9EB1-D7ED82B10B94@cisco.com> <20131211193239.GK3245@audi.shelbyville.oz> <558F8D49-4024-4DF1-9A9E-AF422F1292C2@iii.ca> <20131212011550.GM3245@audi.shelbyville.oz> <E8882BCE-4795-4CF5-B785-18C2141A5DE2@iii.ca> <20131212183852.GN3245@audi.shelbyville.oz> <9B19C671-4356-4918-B271-D95B7AA84BBA@iii.ca> <20131212213234.GQ3245@audi.shelbyville.oz> <52AA37E2.1070202@gmail.com> <20131212234430.GT3245@audi.shelbyville.oz>
To: Ron <ron@debian.org>
X-Mailer: Apple Mail (2.1510)
Cc: rtcweb@ietf.org
Subject: Re: [rtcweb] Cisco to open source its H.264 implementation and absorb MPEG-LA licensing fees
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Dec 2013 00:59:05 -0000

On Dec 12, 2013, at 4:44 PM, Ron <ron@debian.org> wrote:

> On Thu, Dec 12, 2013 at 11:25:38PM +0100, Daniel-Constantin Mierla wrote:
>> 
>> On 12/12/13 22:32, Ron wrote:
>> [...]
>>> 
>>> 
>>> It does however raise a brand new problem (one which is actually quite
>>> technically interesting!), and I am interested to know if that was just
>>> a misunderstanding on your part in explaining it, or if you actually do
>>> plan to really solve this. [1]
>>> 
>>> You talk about Mozilla fingerprinting the *source* that they verified,
>>> and then being able to confirm that fingerprint in the binary blob they
>>> download from the Cisco build farm.
>>> 
>>> I had previously assumed people were only planning to take a hash of
>>> the binaries already up there, merely to ensure the blob that a user
>>> actually downloaded wasn't some totally foreign trojan, but was what
>>> was expected to come from the Cisco site.
>>> 
>>> 
>>> There is considerable work presently being done on fully reproducible
>>> binaries, since obviously this is of interest on many fronts, but it's
>>> currently far from being a universally (or easily) Solved Problem.
>> 
>> At least there were several people concerned about trusting the blob
>> version being built from the open sourced code. I, as one of them,
>> got the answer that I can take the code and build it on my system
>> and then compare the binaries
> 
> That's the bit that actually makes this Hard and Interesting.
> 
> If you take the code, and build it on your own system, then it's far
> more likely than not that the binaries *will* be different.  Even if
> you really did compile exactly the same source code.
> 
> Which is why I'm curious if this is a misunderstanding, and Cullen
> described how he hoped or thought it would work (but how it probably
> almost certainly won't) -- or if they actually are planning to solve
> the problems which would make this (somewhat) possible to do.

The thing that is hard is making a compile match an existing binary when you don't really know how the original binary was compiled. The plan here is to exactly describe the process that Cisco uses to compile (which linux distro, which version, which compiler version etc, all the build scripts etc). Then any external group, such as Mozilla, can replicate theses instructions and get the same binary. I do realize that if you build the same code on even very similar systems, you may get a different binary. I realize it is not trivial to get this to all happen but we are confident it can be done.

v2.23.0 | Report a Bug | By Email