Wouldn't the DRM spec have to explicitly permit MSE buffering? If Javascript could buffer the stream and send it to any destination other than a DRM-approved output device, that would defeat the DRM.

The way EME is designed, the browser is responsible for fetching the data from the network and passing it to the DRM module. This is no different with MSE, as far as I can tell; what you buffer up is the encrypted data, then pass it on to the DRM stuff.

Thanks, I'll run a test to see if it's possible to request an encrypted stream by timecode, then buffer it for composition with another encrypted stream.