- From: Ian Hickson <ian@hixie.ch>
- Date: Tue, 28 Feb 2012 23:09:58 +0000 (UTC)
- To: Mark Watson <watsonm@netflix.com>
- cc: "Tab Atkins Jr." <jackalmage@gmail.com>, Kornel Lesiński <kornel@geekhood.net>, "<public-html@w3.org>" <public-html@w3.org>

On Tue, 28 Feb 2012, Mark Watson wrote:
>
> The server is not necessarily trusted. As I said, https services from
> CDNs (where they also sell you trustworthiness) are more expensive than
> http ones.
>
> So I want the content encrypted in storage as well as transport.

This particular use case makes a lot of sense, and seems much more broadly
applicable than just media. For example, you could have a CDN store
private user information in the form of a JSON blob but want it encrypted
on the CDN. Or you could have the user's private image library stored on a
CDN, and want only the user to be able to see the content.

One way to solve this would be to provide a method that takes an
ArrayBuffer key and a URL, and have any subsequent fetch of that URL for
the browsing context be decrypted automatically using that key:

   navigator.addKeyForURL('http://cdn.example.net/video123', mykey);
   myVideo.src = 'http://cdn.example.net/video123';
   myVideo.autoplay = true;

The scoping for such a feature would be hard to specify though.

Another way would be to do something similar to what Blob does, namely
create an object that returns a new URL representing the decoded resource,
as follows:

   var data = new DecodedURL('http://cdn.example.net/video123', mykey);
   myVideo.src = URL.createObjectURL(data);
   myVideo.autoplay = true;

(We can't use Blob itself because this has to be done cross-origin.)

Data would be encoded using AES256. I guess we could actually allow
AES128, 192, and 256 by just allowing the key argument to be either 16,
24, or 32 bytes long.

--
Ian Hickson U+1047E )\._.,--....,'``. fL
http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,.
Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Tuesday, 28 February 2012 23:10:22 UTC
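
An added example, not part of the original message or of any API proposed in it: the same decrypt-after-fetch idea written against the Web Crypto API. The cipher mode (AES-GCM), the blob layout (12-byte IV followed by ciphertext and tag), the use of the URL as authenticated data and all helper names are assumptions; the message itself only says AES with a 16-, 24- or 32-byte key.

```javascript
// Added example, not from the original message. Assumed here: AES-GCM as the
// mode, a blob layout of 12-byte IV || ciphertext || 16-byte tag, all helper names.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto; // Node < 19 fallback
const IV_BYTES = 12;

// The key length selects AES-128, -192 or -256, as the message suggests.
async function importContentKey(rawKey) {
  if (![16, 24, 32].includes(rawKey.byteLength)) {
    throw new RangeError('key must be 16, 24 or 32 bytes');
  }
  return webcrypto.subtle.importKey('raw', rawKey, 'AES-GCM', false, ['encrypt', 'decrypt']);
}

// Publisher side: build the blob that gets uploaded to the untrusted CDN.
async function sealForCdn(rawKey, url, plaintext) {
  const key = await importContentKey(rawKey);
  const iv = webcrypto.getRandomValues(new Uint8Array(IV_BYTES)); // fresh per blob
  // The URL is authenticated as additional data, so a valid blob cannot be
  // served under a different URL without decryption failing.
  const additionalData = new TextEncoder().encode(url);
  const ct = await webcrypto.subtle.encrypt({ name: 'AES-GCM', iv, additionalData }, key, plaintext);
  const blob = new Uint8Array(IV_BYTES + ct.byteLength);
  blob.set(iv);
  blob.set(new Uint8Array(ct), IV_BYTES);
  return blob;
}

// Client side: rejects (throws) if the CDN altered any byte or swapped resources.
async function openFromCdn(rawKey, url, blob) {
  const key = await importContentKey(rawKey);
  const additionalData = new TextEncoder().encode(url);
  const plain = await webcrypto.subtle.decrypt(
    { name: 'AES-GCM', iv: blob.subarray(0, IV_BYTES), additionalData },
    key, blob.subarray(IV_BYTES));
  return new Uint8Array(plain);
}

// Browser glue, not exercised offline: fetch, decrypt, hand the element an object URL.
async function decodedObjectURL(url, rawKey, type) {
  const blob = new Uint8Array(await (await fetch(url)).arrayBuffer());
  return URL.createObjectURL(new Blob([await openFromCdn(rawKey, url, blob)], { type }));
}
```

This buffers the whole resource before decrypting, so it fits the JSON blob and image cases better than long video. An authenticated mode is used because a server that is not trusted to read the content is also not trusted to leave it unmodified.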