[Bug 22909] Needs non-normative Security Considerations section

https://www.w3.org/Bugs/Public/show_bug.cgi?id=22909

--- Comment #7 from Mark Watson <watsonm@netflix.com> ---
Proposal:

X Security Considerations

This section is non-normative.

Key System implementations must consider initialization data, key data and
media data as potential attack vectors and must take care to safely parse,
decrypt etc. initialization data, key data and media data. User Agents may want
to validate data before passing it to the CDM, especially if the CDM does not
run in the same (sandboxed) context as the DOM (i.e. rendering). 

It is STRONGLY RECOMMENDED that key data and media data do not contain active
content [SECURITY GLOSSARY].  If a Key System implementation supports the
interpretation or execution of such active content then it is STRONGLY
RECOMMENDED that User Agents make use of sandbox techniques to restrict the
scope of access that the CDM has to the user’s device. In any case, User Agent
and Key System implementers should consider the threats, risks, and safeguards
described in [ACTIVE CONTENT].

User Agents are responsible for providing users with a secure way to browse the
web. Since User Agents may integrate with third party CDM implementations, CDM
implementors must provide sufficient information and controls to User Agent
implementors to enable them to properly assess the security implications of
integrating with the Key System.

Note: unsandboxed CDMs (or CDMs that use platform features) and UAs that use
them must be especially careful in all areas of security, including parsing of
key and media data, etc. due to the potential for compromises to provide access
to OS/platform features, interact with or run as root, access drivers, kernel,
firmware, hardware, etc., all of which may not be written to be robust against
hostile software or web-based attacks. Additionally, CDMs may not be updated
with security fixes as frequently, especially when part of the OS, platform or
hardware.

[SECURITY GLOSSARY] Shirey, R., Internet Security Glossary, Version 2, RFC
4949, August 2007, IETF.

[ACTIVE CONTENT] Jansen, W., et al., Guidelines on Active Content and Mobile
Code, Special Publication 800-28, Version 2, 2008, National Institute of
Standards and Technology (NIST).

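The proposal above says a User Agent "may want to validate data before passing it to the CDM" and that initialization data is an attack vector. The following is an added illustration of that advice, not code from the bug thread, the EME specification or any browser: a bounds-checked validator for 'cenc' initialization data, which is a sequence of ISO BMFF 'pssh' boxes (ISO/IEC 23001-7). The size caps, the constructed sample boxes, the placeholder System ID and the helper names (`validateCencInitData`, `buildPssh`) are all assumptions made for this example. It rejects, rather than repairs, anything whose declared lengths disagree with the bytes actually present, which is the length-confusion class of parsing bug the section is warning about.

```javascript
// Added example: strict pre-CDM validation of 'cenc' initialization data.
// Assumed layout (ISO/IEC 23001-7 'pssh' box, big-endian):
//   size(4) 'pssh'(4) version(1) flags(3) SystemID(16)
//   [version 1 only: KID_count(4) KIDs(16 each)] DataSize(4) Data(DataSize)
const MAX_INIT_DATA_BYTES = 64 * 1024; // illustrative cap, not a spec value
const MAX_KID_COUNT = 256;             // illustrative cap, not a spec value
const PSSH_TYPE = 0x70737368;          // ASCII 'pssh'

function bytesToHex(bytes) {
  return Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
}

// Returns { ok: true, boxes: [...] } or { ok: false, reason }.
// Every declared length is checked against the bytes that remain before
// a single byte of the box body is read.
function validateCencInitData(initData) {
  if (!(initData instanceof Uint8Array)) return { ok: false, reason: 'not a byte array' };
  if (initData.byteLength === 0) return { ok: false, reason: 'empty' };
  if (initData.byteLength > MAX_INIT_DATA_BYTES) return { ok: false, reason: 'too large' };
  const view = new DataView(initData.buffer, initData.byteOffset, initData.byteLength);
  const boxes = [];
  let off = 0;
  while (off < initData.byteLength) {
    if (initData.byteLength - off < 8) return { ok: false, reason: `truncated box header at ${off}` };
    const size = view.getUint32(off);
    const type = view.getUint32(off + 4);
    if (type !== PSSH_TYPE) return { ok: false, reason: `non-pssh box at ${off}` };
    // Minimum: header(8) + version/flags(4) + SystemID(16) + DataSize(4).
    // size 0 ("to end") and size 1 (64-bit largesize) are deliberately rejected.
    if (size < 32) return { ok: false, reason: `box too small at ${off}` };
    if (size > initData.byteLength - off) return { ok: false, reason: `box size exceeds buffer at ${off}` };
    const end = off + size;
    let p = off + 8;
    const version = initData[p];
    if (version > 1) return { ok: false, reason: `unsupported pssh version ${version}` };
    p += 4; // version + flags
    const systemId = bytesToHex(initData.subarray(p, p + 16));
    p += 16;
    const kids = [];
    if (version === 1) {
      if (end - p < 4) return { ok: false, reason: 'truncated KID_count' };
      const kidCount = view.getUint32(p);
      p += 4;
      if (kidCount > MAX_KID_COUNT) return { ok: false, reason: 'too many KIDs' };
      if (end - p < kidCount * 16 + 4) return { ok: false, reason: 'KID list exceeds box' };
      for (let i = 0; i < kidCount; i++) {
        kids.push(bytesToHex(initData.subarray(p, p + 16)));
        p += 16;
      }
    }
    if (end - p < 4) return { ok: false, reason: 'truncated DataSize' };
    const dataSize = view.getUint32(p);
    p += 4;
    // The declared payload must consume exactly the rest of the box.
    if (dataSize !== end - p) return { ok: false, reason: 'DataSize does not match box size' };
    boxes.push({ systemId, version, kids, dataSize });
    off = end;
  }
  return { ok: true, boxes };
}

// Constructed sample data (not from any real Key System): builds one pssh box.
function buildPssh(version, systemId, kids, data) {
  const size = 8 + 4 + 16 + (version === 1 ? 4 + kids.length * 16 : 0) + 4 + data.length;
  const out = new Uint8Array(size);
  const view = new DataView(out.buffer);
  let p = 0;
  view.setUint32(p, size); p += 4;
  view.setUint32(p, PSSH_TYPE); p += 4;
  out[p] = version; p += 4; // version byte, flags left as zero
  out.set(systemId, p); p += 16;
  if (version === 1) {
    view.setUint32(p, kids.length); p += 4;
    for (const kid of kids) { out.set(kid, p); p += 16; }
  }
  view.setUint32(p, data.length); p += 4;
  out.set(data, p);
  return out;
}

const SAMPLE_SYSTEM_ID = Uint8Array.from({ length: 16 }, (_, i) => i + 1); // placeholder
const SAMPLE_KID = new Uint8Array(16).fill(0xaa);                          // placeholder
const SAMPLE_GOOD = buildPssh(1, SAMPLE_SYSTEM_ID, [SAMPLE_KID], new Uint8Array([1, 2, 3, 4]));

// Same box with DataSize overwritten to 0xFFFFFFFF: a naive parser would over-read.
const SAMPLE_BAD_DATASIZE = SAMPLE_GOOD.slice();
new DataView(SAMPLE_BAD_DATASIZE.buffer).setUint32(48, 0xffffffff);

// Same box whose header claims more bytes than were supplied.
const SAMPLE_BAD_BOXSIZE = SAMPLE_GOOD.slice();
new DataView(SAMPLE_BAD_BOXSIZE.buffer).setUint32(0, 100);

console.log(validateCencInitData(SAMPLE_GOOD));
console.log(validateCencInitData(SAMPLE_BAD_DATASIZE).reason);
console.log(validateCencInitData(SAMPLE_BAD_BOXSIZE).reason);
```

A User Agent that applies a check like this does not make an unsandboxed CDM safe, but it keeps trivially malformed initialization data from ever reaching it, which is the cheapest layer of the defence the proposal describes.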

Received on Friday, 8 November 2013 23:49:18 UTC