- From: <bugzilla@jessica.w3.org>
- Date: Mon, 18 Mar 2013 10:38:13 +0000
- To: public-html-bugzilla@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=17199
Henri Sivonen <hsivonen@iki.fi> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |hsivonen@iki.fi
--- Comment #15 from Henri Sivonen <hsivonen@iki.fi> ---
(In reply to comment #14)
> (In reply to comment #13)
> > Comment on attachment 1313 [details]
> > Proposal for key release text
> >
> > What happens if the CDM crashes before it has released a certain key?
>
> The CDM implementation needs to handle non-graceful shutdown. One
> implementation would be for the CDM to regularly write to secure persistent
> store a list of the current sessions with known keys. At any subsequent time
> (e.g. after restarting after a crash), this persisted list can be compared
> with the actual current sessions with known keys. Any differences are
> sessions for which the keys are no longer known and require to have key
> release message sent and acked. So these session records would then be added
> to a different list of unacknowledged released sessions.
>
> Of course you have some rare corner cases where crashes happen during the
> update of the persistent store itself.
What assurance/benefit does this complication provide over the CDM promising to
honor key expiry times communicated by the server when in the streaming case
the expiry times could be short? If the server doesn't trust the CDM to honor
expiry times, why would it trust key release attestations?
--
You are receiving this mail because:
You are the QA Contact for the bug.
Received on Monday, 18 March 2013 10:38:16 UTC