[Bug 27269] Normatively require distinctive identifiers to be different by top-level and EME-using origin from bugzilla@jessica.w3.org on 2014-11-07 (public-html-bugzilla@w3.org from November 2014)

From: <bugzilla@jessica.w3.org>
Date: Fri, 07 Nov 2014 17:49:51 +0000
To: public-html-bugzilla@w3.org
Message-ID: <bug-27269-2486-qYO0S8xyVB@http.www.w3.org/Bugs/Public/>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=27269

Mark Watson <watsonm@netflix.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |watsonm@netflix.com

--- Comment #2 from Mark Watson <watsonm@netflix.com> ---
I'm not sure that is it sufficient to recommend real-time enforcement of this
by the User Agent, or even that such enforcement is possible. Even if User
Agent could verify that an identifier exposed by a CDM differs by origin, that
does not means that it does not contain some origin-independent identifier
visible to licensees of the keysystem (It could just be the encrypted
concatenation of the salt and an origin-independent identifier, with a key
which is known to licensees).

Additionally, or instead, I think we should require that User Agent
implementors have access to sufficient details about the CDM implementation to
assure themselves that it has the necessary properties.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.

Received on Friday, 7 November 2014 17:49:53 UTC