[Bug 22909] Needs non-normative Security Considerations section

https://www.w3.org/Bugs/Public/show_bug.cgi?id=22909

--- Comment #1 from Glenn Adams <glenn@skynav.com> ---
Propose the following draft text, to be added as a new top level section or a
sub-section of the Introduction. Note that this proposal is little more than an
outline intended to be elaborated after further discussion in the TF.

X Security Considerations

This section is non-normative.

X.1 Security considerations for EME Implementers

User agents should take measures to prevent unauthorized access to
initialization data, key data, or decrypted media data.

X.2 Security considerations for EME Users

While this API provides a means to develop applications that make use of
protected media content, it does not, by itself, ensure that no unauthorized
access occurs to initialization data, key data, or decrypted media data.

While the API in this specification provides a means to use keys, it makes no
statements as to how the actual keying material will be stored by an
implementation. As such, although a key may be inaccessible to web content, it
should not be presumed that it is inaccessible to end-users.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.

Received on Tuesday, 13 August 2013 05:29:32 UTC