- From: David Singer <singer@apple.com>
- Date: Wed, 07 Sep 2016 17:57:16 +0200
- To: Mark Watson <watsonm@netflix.com>
- Cc: Harry Halpin <hhalpin@w3.org>, Paul Cotton <Paul.Cotton@microsoft.com>, "public-html-media@w3.org" <public-html-media@w3.org>
> On Sep 7, 2016, at 17:47 , Mark Watson <watsonm@netflix.com> wrote: > I think the two points are: > - non-ClearKey Key Systems may be pre-installed in some User Agents, or automatically installed by the User Agent > - one could argue that consent should be per-origin > > So, the argument is basically whether there *always* exists risks of this kind or whether we believe User Agents can mitigate those sufficiently (or at least should be given an opportunity to do so). > OK, there are risks from at least: 1) installing new software (OS X, for example, has security settings to enable you to lock down to the signed installs from the App Store) 2) using software that might have been subject to less security analysis (e.g. because of a fear of the DMCA) 3) a combination of the above. The OS might warn people who install new software. EFF might warn people who buy devices with built-in DRMs. The EFF might suggest that that warning be stronger for installed DRMs. But I still haven’t got to the EME interface... David Singer Manager, Software Standards, Apple Inc.
Received on Wednesday, 7 September 2016 15:57:47 UTC