- From: Mark Watson <watsonm@netflix.com>
- Date: Mon, 28 Oct 2013 10:13:18 -0700
- To: Joe Steele <steele@adobe.com>
- Cc: "public-html-media@w3.org" <public-html-media@w3.org>
- Message-ID: <CAEnTvdD1NLzmrcB10czO78PYFQ4v+X4ph3VVdpmRAzKh69DinA@mail.gmail.com>
Hi Joe,

Why does the application need to be involved? If two sites are "CORS-same-origin" the UA knows this and between the UA and the CDM can't they just make the keys of one origin available to the other without involving the application?

...Mark

On Mon, Oct 28, 2013 at 9:57 AM, Joe Steele <steele@adobe.com> wrote:

> *I have a rough proposal here, please comment/critique ASAP.*
>
> In order to share keys between two sites, there are two concerns.
>
> The first is how to ensure that an untrusted site does not get access to a
> key which is used by another site. The concern here is that the ability to
> detect the existence of keys for a particular site is information leakage,
> and even without an explicit API the lack of a key request would allow
> detection.
>
> The second is that when two sites trust each other and *could* share keys,
> it is not clear how sites would discover those shared keys. One method
> would be allowing for generally shared information between sites at the CDM
> layer, but this could again lead to information leakage given that CDMs may
> communicate in an opaque manner.
>
> I propose that the browser uses CORS Access-Control-Allow-Origin headers
> for the sites to determine the trust relationships between them. The
> browser can then provide a list of active session ids for sites trusting
> the current site with the *needkey* message when encountering encrypted
> content. The application can then pass this information down to the CDM
> which can then use those keys when appropriate. This will result in no
> information leakage, since the sites are in control of the trust
> relationship and the trust relationship is visible to the end user by
> virtue of being detailed in the CORS headers.
>
> This has a few implications:
> * The CDM must be creating the session ID if it wants to support this
> * The browser must keep track of session IDs in relation to CORS trust
>   relationships
> * The *needkey* message needs another parameter - a list of session IDs
>   which may be empty
> * The *createSession* method needs another parameter - a list of session
>   IDs which may be empty
>
> I would like feedback from browser vendors on how difficult this is to
> implement. The clear benefit is client performance and battery life. The
> decreased network traffic is negligible.
>
> Joe Steele
> steele@adobe.com
Received on Monday, 28 October 2013 17:13:46 UTC
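
The browser-side bookkeeping the quoted proposal describes (session IDs tracked against CORS trust relationships, and a possibly empty list handed over with *needkey*) can be modelled as below. This is an added illustration, not code from either message or from any EME implementation. `TrustRegistry`, `toOrigin`, the origins and the session IDs are all hypothetical, and ignoring `*` and `null` header values is an assumption of this sketch rather than something the thread specifies.

```javascript
// Hypothetical UA-side model, not an EME API. Assumption of this sketch:
// "*", "null" and malformed header values never establish key-sharing trust.
function toOrigin(value) {
  try {
    const origin = new URL(value.trim()).origin;
    return origin === "null" ? null : origin;
  } catch { return null; }
}

class TrustRegistry {
  constructor() {
    this.allowedBy = new Map(); // owner origin -> Set of origins it named
    this.sessions = new Map();  // owner origin -> Set of active session IDs
  }
  // Record an Access-Control-Allow-Origin value served by `owner`.
  recordAllowOrigin(owner, headerValue) {
    const trusted = toOrigin(headerValue);
    if (trusted === null) return;
    if (!this.allowedBy.has(owner)) this.allowedBy.set(owner, new Set());
    this.allowedBy.get(owner).add(trusted);
  }
  addSession(owner, sessionId) {
    if (!this.sessions.has(owner)) this.sessions.set(owner, new Set());
    this.sessions.get(owner).add(sessionId);
  }
  // List to attach to needkey: sessions of origins that trust `current`.
  sessionIdsFor(current) {
    const ids = [];
    for (const [owner, active] of this.sessions) {
      if (owner === current) continue; // own sessions are not "shared"
      const trusted = this.allowedBy.get(owner);
      if (trusted && trusted.has(current)) ids.push(...active);
    }
    return ids.sort();
  }
}

function demo() { // constructed origins and session IDs
  const ua = new TrustRegistry();
  ua.recordAllowOrigin("https://video.example", "https://partner.example");
  ua.recordAllowOrigin("https://open.example", "*");
  ua.addSession("https://video.example", "s-1");
  ua.addSession("https://video.example", "s-2");
  ua.addSession("https://open.example", "s-3");
  ua.addSession("https://partner.example", "s-4");
  return {
    partner: ua.sessionIdsFor("https://partner.example"),
    stranger: ua.sessionIdsFor("https://stranger.example"),
    reverse: ua.sessionIdsFor("https://video.example"),
  };
}
```

In `demo()` the trust is one-directional: the partner origin receives the video origin's session IDs, while the video origin and the unlisted origin both receive an empty list.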