- From: <bugzilla@jessica.w3.org>
- Date: Tue, 22 Jul 2014 15:52:16 +0000
- To: public-html-bugzilla@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=26332

--- Comment #9 from Mark Watson <watsonm@netflix.com> ---

(In reply to David Dorwin from comment #5)
> https://dvcs.w3.org/hg/html-media/rev/e68902b0f30d adds secure origin and
> transport to the Security Considerations and Privacy Considerations
> sections, including the answers in comment #4. It includes a new step
> specifying how to fail when an origin is not allowed but does not
> normatively specify the conditions, which remains to be discussed here.
>
> https://dvcs.w3.org/hg/html-media/rev/7595e9457f23 adds text about secure
> origins to the Privacy Considerations section on alerts and consent.

I don't agree with either of these changes.

We've been working on this API for some time and there has been no suggestion that UAs may impose a restriction to secure origins. Indeed all of the deployment experience with this API does not apply this restriction. It's a major change to introduce at this stage with significant implications for service providers.

With the existing solution (plugins) there is no such restriction and indeed users have little information and few guarantees around privacy. EME improves on this situation greatly by interposing the UA and we have security considerations that explain well the considerations UAs should apply when integrating with CDMs. I believe this is sufficient.

--
You are receiving this mail because:
You are the QA Contact for the bug.
Received on Tuesday, 22 July 2014 15:52:18 UTC