The Fairplay Streaming Programming Guide (2021-03-10 version, page 31) makes it perfectly clear that:
So, can we / should we really insert the unencrypted content IV into CBCS-protected CMAF audio/video assets:
However, when the same CBCS-protected CMAF media segment is to be used with another DRM system (that does not support conveying the IV in a secure envelope to the DRM agent), then the IV also has to be inserted in some unencrypted MP4 boxes of the stream itself (typically in the moof/traf/senc sample encryption box). This seems to make the FPS IV confidentiality requirement a moot point.AES encryption and decryption of audio and video assets uses the IV delivered in the CKC.
So, can we / should we really insert the unencrypted content IV into CBCS-protected CMAF audio/video assets:
when distributing them using FPS and at least another DRM system ?
when distributing them exclusively using FPS ?