[Bug 27093] Support for proprietary/system-specific formats in initData should be discouraged/deprecated

https://www.w3.org/Bugs/Public/show_bug.cgi?id=27093

--- Comment #6 from Joe Steele <steele@adobe.com> ---
(In reply to David Dorwin from comment #5)
> (In reply to Joe Steele from comment #3)
> > Keys which are not application, user or client specific in no way compromise
> > user privacy OR UA security. I do not see any justification for excluding
> > them and they are used by some Key Systems.
> 
> Key(s) are not currently allowed because a) there is no normative text that
> describes how to handle them and b) there is currently no interoperable way
> to include or use them in initialization data.
> 
> If you would like EME to support such a feature, please file a bug,
> preferably with proposed solutions/text to those issues.

This is correct. However you did not restrict the text to the Common System ID
format. For other PSSH formats keys are allowed and present. 

One approach to fixing this bug would be to explicitly limit the normative text
to the Common System ID PSSH format. However with the exception of keys, I
think the restriction in the text is appropriate even for the more general PSSH
format. 

I think we would have stronger security/privacy protections by including the
modified version of this text I proposed, rather than restricting the text to
the Common format only.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.

Received on Thursday, 30 October 2014 18:47:34 UTC