[Bug 22909] Needs non-normative Security Considerations section from bugzilla@jessica.w3.org on 2013-08-13 (public-html-bugzilla@w3.org from August 2013)

From: <bugzilla@jessica.w3.org>
Date: Tue, 13 Aug 2013 17:08:47 +0000
To: public-html-bugzilla@w3.org
Message-ID: <bug-22909-2486-IFRbh2hBpM@http.www.w3.org/Bugs/Public/>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=22909

--- Comment #2 from Glenn Adams <glenn@skynav.com> ---
Under X.1, suggest adding the following:

"In the context of using certain Key Systems, it is possible that
Initialization Data, Key Data, or Media Data may contain active content
[SECURITY GLOSSARY]. If a User Agent performs the interpretation or execution
of such active content, then it should consider the threats, risks, and
safeguards described in [ACTIVE CONTENT]."

[SECURITY GLOSSARY] Shirey, R., Internet Security Glossary, Version 2, RFC
4949, August 2007, IETF.

[ACTIVE CONTENT] Jansen, W, et al., Guidelines on Active Content and Mobile
Code, Special Publication 800-28, Version 2, 2008, National Institute of
Standards and Technology (NIST).

-- 
You are receiving this mail because:
You are the QA Contact for the bug.

Received on Tuesday, 13 August 2013 17:08:48 UTC