Close to 80% of all videos on the web are already encoded in H.264, according data from MeFeedia, which means they can be delivered within HTML5's "video" tag without having to resort to proprietary plugins like Flash or Silverlight. But the transition to open standards for video playback on the web still has a few hurdles to clear, as most major video sites won't take the plunge until HTML5 supports some form of copy protection.
Engineers from Microsoft, Netflix and Google have proposed an extension to HTML5's media streaming capabilities that seeks just that, through a new set of API extensions for the HTMLMediaElement which would provide the necessary components for a DRM scheme. There's no DRM added to the HTML5 specification itself; the actual content protection would be handled by "an appropriate user agent implementation."
The proposal has already been dismissed as "unethical" by W3C member and WHATWG HTML specification editor Ian Hickson, adding that it wouldn't even fulfill the necessary technical requirements for robust content protection to make it worth implementing either.
Mozilla's Chris Pearce also questioned whether the proposed framework would really provide the level of security demanded by content providers: "since the decoded video frames are stored in memory (as are audio samples) so that they can participate in the HTML rendering pipeline, how do you guard against an open source web browser simply being patched to write the frames/samples to disk to enable (presumably illegal) redistribution of the protected content?," he asked to W3C members.
In response, Netflix’s Mark Watson said that the decryption could be handled at the firmware or hardware level.
The Encrypted Media specification is currently a draft-stage proposal, so it could take a while before it becomes a W3C-blessed standard or it could be discarded along the way. Companies like Netflix and Hulu are likely eager to abandon plugins in favor of standards-based HTML5 video, but they will need some form of DRM implementation to fulfill their contractual obligations to the content providers before that can happen.