- From: <bugzilla@jessica.w3.org>
- Date: Mon, 15 Sep 2014 18:00:57 +0000
- To: public-html-bugzilla@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=25923 --- Comment #26 from David Dorwin <ddorwin@google.com> --- (In reply to Anne from comment #25) > (In reply to David Dorwin from comment #24) > > Neither task could be executed until the user has responded - this would add > > an unknown delay. (You could argue that this is once per user, but we also > > want to handle any other permission dialogs in the same way.) > > That depends on the user agent implementation. Can you give an example of an implementation where this is not the case? How can an implementation reply before the user has accepted/declined downloading the CDM? > > Reusing "maybe" and create() also avoids leaking state, including whether > > the CDM was previous installed (by another origin). > > Is state not leaked either way due to timing attacks? Not having "maybe" > seems to leak less state if the site treats the browser as an opaque entity. > Or is the proposal to always return "maybe" in all implementations before > create() is invoked? I was specifically thinking of the case where an implementation prompts for both download and first use on an origin. In this case, the timing attack would not work. If the prompt was only for download on the first origin, I don't see a way to address the timing attack. Implementations could choose to always return "maybe" (instead of probably) to avoid leaking information, but I'm not sure that's a requirement. In the absence of any "probably" results, "maybe" is effectively the same - the app should try one of those combinations. -- You are receiving this mail because: You are the QA Contact for the bug.
Received on Monday, 15 September 2014 18:01:07 UTC