- From: <bugzilla@jessica.w3.org>
- Date: Sat, 23 Aug 2014 07:50:54 +0000
- To: public-html-bugzilla@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=26332 --- Comment #71 from Henri Sivonen <hsivonen@hsivonen.fi> --- (In reply to Henri Sivonen from comment #70) > (In reply to David Dorwin from comment #52) > > 7) A non-EME-using site (i.e. no reason to use protected media), ad network, > > etc. uses EME to obtain a "permanent" identifier. > > Yeah, it makes sense to separate out the case where an ad network uses EME > only for tracking and not to satisfy licensing requirements for movies / TV > series / music. I somehow failed to mention: I've advocated that we address attack #7 by partitioning the browser-provided salt (see the mitigation for attack #2) not just by the origin using EME but by the combination of the origin using EME and the origin of the top-level browsing context. That is, if site A provides EME-using iframes for sites B an C, it sees a different CDM identity when iframed by B compared to when iframed by C. -- You are receiving this mail because: You are the QA Contact for the bug.
Received on Saturday, 23 August 2014 07:50:58 UTC