Re: Individualization

Thank you for the detailed reply. I think it would make a good addition to
the privacy considerations section and/or the resolution of, for example,
https://www.w3.org/Bugs/Public/show_bug.cgi?id=27166.

On Mon, Oct 27, 2014 at 7:24 AM, Henri Sivonen <hsivonen@hsivonen.fi> wrote:


> (While I don't have a problem with explaining the privacy measures we
> are putting in place in Firefox, I find this level of vetting for a
> new enum item rather surprising. Have spec edit requests catering to
> Microsoft's needs been vetted on this level of detail by this Task
> Force? Where can I read a similar vetting of the privacy properties of
> Microsoft's solution? Or Apple's in response to the initData changes
> that catered, in practice, only to Apple?)


Please don't take it personally - I'm just trying to make sure we have a
good handle on the issues. Also, individualization hasn't really been
discussed before. Unfortunately, some participants have made it nearly
impossible to change or remove things - even unintentional oversights -
from this spec, even for security, privacy, and interoperability reasons.
With such a privacy-sensitive topic, I want to make sure we have
appropriate text.

Other vendors' solutions have not required API changes to the spec. While
we aren't specifically vetting implementations, some of us are actively
trying to understand and mitigate or restrict undesirable privacy and
security properties traditionally associated with DRM. I don't know what
initData changes you are referring to. Can you be more specific?

David

Received on Tuesday, 28 October 2014 20:59:57 UTC