W3C home > Mailing lists > Public > public-w3process@w3.org > November 2014

Re: Require security review before FPWD

From: Sam Ruby <rubys@intertwingly.net>
Date: Mon, 03 Nov 2014 08:07:08 -0500
Message-ID: <54577DFC.7070608@intertwingly.net>
To: public-w3process@w3.org


On 11/03/2014 07:33 AM, Anne van Kesteren wrote:
> On Mon, Nov 3, 2014 at 1:10 PM, David Singer <singer@apple.com>
> wrote:
>> Since I have no idea how we got from ‘when is it required that an
>> XXX review be done?’ to ‘has the W3C endorsed DRM?’ I can only
>> conclude that we’re seriously at cross purposes.
>
> I brought up EME as an example of where vendors implemented and
> shipped something that is bad for security and privacy. Reviewers
> are at a loss. You said vendors should follow the W3C. I argued that
> such an argument did not apply here as the W3C has not made up its
> made mind (or so claims the leadership).

Having recently been at a F2F with those vendors, I can confidently
state that a security review prior to FPWD would not have changed vendor
behavior.  In fact, I see a lot of parallel to the <video> tag[1].  That
being said, discussion is ongoing, and I encourage readers to consult
the following:

https://www.w3.org/Bugs/Public/show_bug.cgi?id=26332#c130

https://dvcs.w3.org/hg/html-media/raw-file/tip/encrypted-media/encrypted-media.html#privacy-secureorigin

- Sam Ruby

[1] 
http://lists.w3.org/Archives/Public/public-whatwg-archive/2009Jun/0599.html
Received on Monday, 3 November 2014 13:07:35 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:35:12 UTC