[Bug 25385] clear key cannot provide basic protection, why not considering web cryptography API from bugzilla@jessica.w3.org on 2014-04-30 (public-html-bugzilla@w3.org from April 2014)

From: <bugzilla@jessica.w3.org>
Date: Wed, 30 Apr 2014 05:26:54 +0000
To: public-html-bugzilla@w3.org
Message-ID: <bug-25385-2486-y8pKbffMUP@http.www.w3.org/Bugs/Public/>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=25385

GEXIN1984@GMAIL.COM changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|WONTFIX                     |---

--- Comment #7 from GEXIN1984@GMAIL.COM ---
(In reply to David Dorwin from comment #4)
> Actually, I don't think there is any additional security since JavaScript
> (or anything else) could have provided the public key.
What do you mean by JavaScript provided the public key? the WebCrypto API?
But by using this API, the content key decrypted is still exposed to JS, so it
is not secure. So I propose to integrate the WebCrypto API with EME by passing
the encrypted content key directly to the simple key CDM.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.

Received on Wednesday, 30 April 2014 05:26:55 UTC