- From: <bugzilla@jessica.w3.org>
- Date: Wed, 20 Feb 2013 15:53:57 +0000
- To: public-html-bugzilla@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=20961 --- Comment #7 from Fred Andrews <fredandw@live.com> --- (In reply to comment #6) > (In reply to comment #5) > > As noted before, the specification does not define the scope of privileges > > required by a CDM, so it is not possible to assess the validity of your > > claim that 'EME does not depend on any such privileged access.'. Please > > include the scope of privileges that the CDM requires has so we can all > > assess the technical merits of this claim. > > How is this different from video codecs ? The specification does ont define > the 'scope of privileges' required by video codecs either. We expect UA > implementations to pay attention to the access they give to components such > as this. A video codec fits within the standard web platform security model, effectively the same as for an image decoder which has been part of the platform from the beginning. For this reason it was probably not deemed necessary to articulate the scope of privileges that it needs. It would be expected that a video codec could execute within a very restricted sandbox, with a one-way flow of information. I suggest that a CDM useful for DRM requires privileges beyond this, but the onus should be on the proponents to articular the scope? The EME interface alone does not require privileged access. However it is designed to solve the problem of DRM, and the success of EME in solving the DRM problem does depend on the CDM having privileged access. If we assume that a CDM has no security or protection then it will not be able to implement DRM and EME is of not use and is not worthy of consideration. The bug description will be amended to clarify this. -- You are receiving this mail because: You are the QA Contact for the bug.
Received on Wednesday, 20 February 2013 15:54:04 UTC