W3C home > Mailing lists > Public > public-html-media@w3.org > November 2014

[Bug 27270] New: Normatively require distinctive identifiers to be forgettable/regeneratable

From: <bugzilla@jessica.w3.org>
Date: Fri, 07 Nov 2014 12:19:00 +0000
To: public-html-media@w3.org
Message-ID: <bug-27270-5436@http.www.w3.org/Bugs/Public/>
https://www.w3.org/Bugs/Public/show_bug.cgi?id=27270

            Bug ID: 27270
           Summary: Normatively require distinctive identifiers to be
                    forgettable/regeneratable
           Product: HTML WG
           Version: unspecified
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Encrypted Media Extensions
          Assignee: adrianba@microsoft.com
          Reporter: hsivonen@hsivonen.fi
        QA Contact: public-html-bugzilla@w3.org
                CC: mike@w3.org, public-html-media@w3.org
        Depends on: 27268, 27269

In order to give users the opportunity to cause a discontinuity in the ability
of a site, third parties who scripts the site includes or a network MITM who
injects EME usage into a non-https site to track the user across time, please
require that distinctive identifiers be forgettable and regeneratable.

(Start proposed spec text for a *normative* section) 

Implementations MUST ensure that the user may request distinctive identifiers
to be forgotten such that new different distinctive identifiers are generated
in the place of the old ones when distinctive identifiers are needed
subsequently. It is RECOMMENDED that users be able to request that distinctive
identifiers be forgotten on a per-site basis, particularly as part of a "Forget
about this site" feature that forgets cookies, databases, etc. associated with
a particular site in an operation that is sufficiently atomic to prevent
"cookie resurrection" type of recorrelation of a new identifier with the old by
relying on another type of locally stored data that did not get cleared at the
same time.

Note: The most obvious way to meet this requirement is to ensure that the salt
contemplated in the above note (actually in bug 27269) be forgettable such that
a new salt is randomly generated when needed.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
Received on Friday, 7 November 2014 12:19:01 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:33:05 UTC