- From: Philippe Le Hégaret <plh@w3.org>
- Date: Thu, 16 Mar 2017 09:47:08 -0400
- To: "public-html-media@w3.org" <public-html-media@w3.org>
All,

W3C published today the Encrypted Media Extensions specification as a
Proposed Recommendation:
https://www.w3.org/TR/2017/PR-encrypted-media-20170316/

The "persistent-usage-record" session type and the related
MediaKeySession destroyed algorithm were removed since the previous version.

This publication follows section 6.5 of the W3C Process Document:
https://www.w3.org/2017/Process-20170301/#rec-pr

Keep in mind that publication as a Proposed Recommendation does not
imply endorsement by the W3C Membership. This phase establishes a
deadline for the Advisory Committee review:
https://www.w3.org/2017/Process-20170301/#ACReview

Advisory Committee Representatives should consult their WBS
questionnaires and review the document through 13 April 2017.

-----------------------------------
Security Disclosures Best Practices
-----------------------------------

W3C is also soliciting feedback on the recently-published W3C Security
Disclosures Best Practices:
https://www.w3.org/TeamSubmission/2017/SUBM-sdbp-20170302/

This Team Submission contains a template intended for organizations
interested in protecting their users and applications from fraud,
malware, and computer viruses, as well as interested in ensuring proper
adherence to security and privacy considerations included in W3C
Recommendations. It also helps to support broad participation, testing,
and audit from the security community to keep users safe and the web’s
security model intact. for security and privacy disclosure programs.

Please send comments to public-security-disclosure@w3.org.

-----------------
Formal Objections
-----------------

Formal Objections were raised on three points:
https://lists.w3.org/Archives/Public/public-html-media/2016Sep/0003.html

The objections included:
* inadequate protection for users;
* difficulties in supporting the specification in free software projects;
* lack of covenant regarding anti-circumvention regulations.

The specification contains 2 separate sections regarding security and
privacy considerations to prevent attacks and preserve the protection of
users, including by recommending explicit consent.

The specification does not mandate a particular CDM. It does however
mandate support for the Clear Key common key systems, to provide a
common baseline level of functionality.

While the Director recognizes the technical progress and stability of
the work, the lack of consensus to protect security researchers remains
an issue. The Director has determined that a practical means to improve
protections at this stage is to establish momentum for protection by
establishing best practices for responsible vulnerability disclosure.

The W3C Team published a set of guidelines intended to protect security
and privacy researchers and is looking for expression of interest:
https://www.w3.org/TeamSubmission/2017/SUBM-sdbp-20170302/

Additionally, accessibility concerns were brought to the attention of
the Director. Testing validated that the specification's approach for
captions did not prevent access to captions for users with disabilities.
Other accessibility concerns were suggested, including color
daltonization and flash mitigation. They were determined to be outside
of the scope of EME, but represent potentially useful areas for
accessibility research for video in general. See also
https://www.w3.org/2017/03/eme-accessibility.html

Thank you,

Philippe

Received on Thursday, 16 March 2017 13:47:17 UTC