- From: David Gerard <dgerard@gmail.com>
- Date: Mon, 24 Dec 2007 17:32:40 +0000
On 24/12/2007, Krzysztof Żelechowski <giecrilj at stegny.2a.pl> wrote:

> Dnia 23-12-2007, N o godzinie 13:08 +0000, David Gerard pisze:
> > On 23/12/2007, Robert (Jamie) Munro <rjmunro at arjam.net> wrote:
> > > How could we do that? The codec is usually a relatively small download
> > > compared to the video itself. If we could suggest a way for
> > Arbitrary executable downloads didn't work out well with ActiveX, and
> > "Download codec to view this!" is already a vector for malware.
> That would not be an arbitrary download; it would be a download of _the_
> codec.
> The executable code must not be enclosed in the content envelope (unless
> the envelope is generated on the fly by the server depending on the user
> agent; I think it would be a cumbersome thing to do).
> Arbitrary active extensions can request services from the operating
> system; the code to be executed should not be allowed to. It could be
> allowed to request services from the browser only; if that is set up
> correctly, the decoder will be as safe as the browser is, even if it is
> a piece of broken malware. Thus we would need the browser to be a
> direct show* engine provider for the decoder and the decoder would be
> allowed to access its own memory only and call its own functions and the
> functions explicitly provided by the browser. Is this feasible?

It still sounds to me a bit like a layer violation ... the content in question is a bit active. Mind you, HTML these days is generally riddled with (or only a delivery mechanism for, e.g. in interactive television) JavaScript. And codecs are a bit virtual-machine-like anyway (with playback engines needing sandboxing to protect against codecs that are insecure against malicious files).

> And, last but not least: can we expect the opposing browser vendors to
> offer the direct show engine and allow the decoder to run without much
> user intervention? Because if not, this solution would be very weak.
> What do you think?
It strikes me as more trouble than it would be simply to remember that in claiming Ogg was "proprietary", Nokia told a lie big enough to crack and break the assumption of good faith; and if Apple could really live with SHOULD in the spec, put back the baseline recommendation of Ogg Theora and Ogg Vorbis. - d.
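The arrangement sketched in the quoted message (a decoder that may touch only its own buffer and the services the browser explicitly hands it, and a playback engine that survives a malicious file) can be illustrated with a toy host. This is an added example, not code from the thread or from any browser: the "TOYV" container format, the BrowserServices interface and both sample streams are constructed here. The host gives the decoder a bounds-checked reader over the input and a services object whose only capability is emitting a frame; a header that claims more pixel bytes than the buffer holds is reported as a malformed stream instead of being read past the end. Interface-level confinement in Python is not a memory-isolation boundary; the point shown is what the decoder is allowed to call, and how the host handles a hostile file.

```python
"""Toy decoder host: the decoder receives only a bounds-checked reader and a
narrow services object.  Container format, interface and samples are
constructed for this example and are not a real codec or browser API."""
import struct
from dataclasses import dataclass, field


class MalformedStream(ValueError):
    """Raised by the decoder or the host for any input that breaks the format."""


@dataclass
class BrowserServices:
    """The only capability the host exposes to the decoder (assumed interface):
    deliver one decoded frame.  No file, network or OS access is reachable."""
    frames: list = field(default_factory=list)
    max_frames: int = 64  # host-side budget so a hostile file cannot exhaust memory

    def emit_frame(self, width: int, height: int, pixels: bytes) -> None:
        if len(self.frames) >= self.max_frames:
            raise MalformedStream("frame budget exceeded")
        if len(pixels) != width * height:
            raise MalformedStream("pixel count does not match dimensions")
        self.frames.append((width, height, pixels))


class BoundedReader:
    """Every read is checked against the buffer length before any slicing."""

    def __init__(self, data: bytes) -> None:
        self.data = data
        self.pos = 0

    def read(self, n: int) -> bytes:
        if n < 0 or self.pos + n > len(self.data):
            raise MalformedStream(f"read of {n} bytes past end at offset {self.pos}")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def u16(self) -> int:
        return struct.unpack(">H", self.read(2))[0]

    def u32(self) -> int:
        return struct.unpack(">I", self.read(4))[0]

    def at_end(self) -> bool:
        return self.pos == len(self.data)


MAX_DIM = 4096  # constructed sanity limit for the toy format


def decode(reader: BoundedReader, services: BrowserServices) -> None:
    """Decoder side.  Format (constructed): b"TOYV", u16 frame count, then per
    frame u16 width, u16 height, u32 pixel length, raw 1-byte-per-pixel data."""
    if reader.read(4) != b"TOYV":
        raise MalformedStream("bad magic")
    count = reader.u16()
    for _ in range(count):
        width, height = reader.u16(), reader.u16()
        if not (0 < width <= MAX_DIM and 0 < height <= MAX_DIM):
            raise MalformedStream(f"unreasonable dimensions {width}x{height}")
        length = reader.u32()
        if length != width * height:
            raise MalformedStream(f"declared length {length} != {width}x{height}")
        pixels = reader.read(length)  # cannot overrun: BoundedReader checks first
        services.emit_frame(width, height, pixels)
    if not reader.at_end():
        raise MalformedStream("trailing data after last frame")


def run_decoder(data: bytes) -> tuple[bool, str, list]:
    """Host side: run the decoder, contain any format error, return what was decoded."""
    services = BrowserServices()
    try:
        decode(BoundedReader(bytes(data)), services)
    except MalformedStream as exc:
        return False, str(exc), services.frames
    return True, "ok", services.frames


def build_stream(frames: list[tuple[int, int, bytes]]) -> bytes:
    """Helper to construct well-formed sample streams."""
    out = bytearray(b"TOYV") + struct.pack(">H", len(frames))
    for width, height, pixels in frames:
        out += struct.pack(">HHI", width, height, len(pixels)) + pixels
    return bytes(out)


# Constructed samples: a valid two-frame stream, and a hostile header that
# declares a 4 GiB frame with only four bytes of payload behind it.
GOOD = build_stream([(2, 2, b"\x00\x10\x20\x30"), (1, 3, b"\xaa\xbb\xcc")])
BAD_LENGTH = (b"TOYV" + struct.pack(">H", 1)
              + struct.pack(">HHI", 2, 2, 0xFFFFFFFF) + b"\x00\x10\x20\x30")

if __name__ == "__main__":
    for name, sample in (("good", GOOD), ("bad_length", BAD_LENGTH), ("truncated", GOOD[:-2])):
        ok, msg, frames = run_decoder(sample)
        print(f"{name}: ok={ok} frames={len(frames)} ({msg})")
```

The truncated case is the one to study: the first frame is delivered before the second frame's read fails, so the host decides what to do with partial output, and the decoder never sees anything beyond the buffer it was given.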
Received on Monday, 24 December 2007 09:32:40 UTC