W3C home > Mailing lists > Public > public-html-media@w3.org > November 2013

Re: ACTION-40: Propose text for bug 17202 to propose how to share keys without leakage of information

From: Joe Steele <steele@adobe.com>
Date: Wed, 13 Nov 2013 17:22:41 -0800
To: Dan Dart <dan@dandart.co.uk>
CC: "public-html-media@w3.org" <public-html-media@w3.org>
Message-ID: <F104E8A5-871A-4296-AA80-7DBEE869DCD2@adobe.com>
That is basically the model I am proposing. However that approach only covers persistent keys in storage, it does not cover “live” keys which are actively being used. 
There is a performance benefit to sharing those keys as well. In order to share those keys, the CDM needs to have some idea of which the trust relationships are between the applications with active sessions. 

A naive alternative for live keys is to allow the CDM to simply share any live keys it has with any application that tries to create a session that needs them. 
But that is a privacy leakage as was pointed out by multiple people.

Joe Steele
steele@adobe.com

On Nov 13, 2013, at 1:04 AM, Dan Dart <dan@dandart.co.uk> wrote:

> Hi all,
> 
> What would be wrong with obeying the cookie policy here?
> This would allow e.g. beammeup.netflix.com to use the same keys as beammebackdownagain.netflix.com
> and the user would then have an option to disable individual "enc-cookie-keys" or all.
> 
> I haven't been following the whole discussion, and while I'd like to get involved, I may not understand the whole model.
> Is there a guide / diagram for the encryption schemes / server-to-client architecture out - or is this us, right here, right now?
> I'm not surely what it's here for either - presumably legal reasons, as to stop pirates is to stop the orbit of the moon.
> (apologies for OT)
> 
> Dan Dart
> Project Chaplin Video Sharing



Received on Thursday, 14 November 2013 01:23:17 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:33:01 UTC