- From: <bugzilla@jessica.w3.org>
- Date: Tue, 06 May 2014 16:04:26 +0000
- To: public-html-bugzilla@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=25385

--- Comment #11 from Mark Watson <watsonm@netflix.com> ---
(In reply to GEXIN1984 from comment #10)
> You're right. This is still not secured. Maybe the public key should be
> signed by UA.
> Then what if the CDM reuse the HTTPS client key to sign the public key it
> send? Or the CDM directly reuse the HTTPS key pairs for content key
> delivery?
> Because the HTTPS keys are the security mechanism that are already
> established between UA and server, which are not exploded to JS.

WebCrypto has explicitly put interaction with TLS keys out-of-scope for the first version.

Regarding signing by the UA, there would need to be some secret embedded in the UA that would identify it as a "genuine" UA and it would need to be difficult for someone to obtain such a secret (since they could then just embed that secret in some JavaScript and do the whole thing in JavaScript). So, the secret can't just be in the source code (or, rather, if it was, then the solution has essentially the same security properties as the ClearKey solution).

This is exactly one of the problems (known as 'robustness') that DRMs address in some detail, so what you are proposing is really to define a DRM, albeit a simple one. There are many other problems associated with such a task and we have not in this group set out to define a new DRM, even a simple one, so I would still suggest WONTFIX for this one.

--
You are receiving this mail because:
You are the QA Contact for the bug.
Received on Tuesday, 6 May 2014 16:04:30 UTC