- From: <bugzilla@jessica.w3.org>
- Date: Tue, 12 Mar 2013 01:04:14 +0000
- To: public-html-bugzilla@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=21231 --- Comment #10 from Fred Andrews <fredandw@live.com> --- (In reply to comment #9) > > Of the class of solutions for which the user can already > > technically access the decoded stream, does EME/CDM offer > > any more protection than the proposal+secure transport? > > As I said, EME/CDMs offer the possibilility to protect the keys and encoded > content, which are different things from the decoded content. > > I'm not saying any more than this. To some authors, the ability to easily > store the decoded content may be 'just as bad' as easy access to the keys or > encoded content and so these solutions may be equivalent. To other authors > these things may not be equivalent. That is all. Ok, that sounds like a acknowledgment that there are a large class of use cases for which the proposed solution would be equivalent. Perhaps someone else could elaborate on the other set of disputed use cases: authors who want to protect the keys and encoded content even when the user can access the decoded output. What is the threat in these cases? Why can't secure transport alone offer the needed protection? Is the issue here that storing the encoded content plus the key would be preferable to storing the decoded content, perhaps because the key might be easier for the user to protect than a large decoded, or recoded but unencrypted, blob? Perhaps a 'store-securely' flag would address this matter? If we could understand the scope of these use cases then it would be possible to either address them with a simpler solution or declare them out of scope of the proposed solution. -- You are receiving this mail because: You are the QA Contact for the bug.
Received on Tuesday, 12 March 2013 01:04:22 UTC