[Bug 26332] Applications should only use EME APIs on secure origins (e.g. HTTPS) from bugzilla@jessica.w3.org on 2014-09-17 (public-html-bugzilla@w3.org from September 2014)

From: <bugzilla@jessica.w3.org>
Date: Wed, 17 Sep 2014 20:59:28 +0000
To: public-html-bugzilla@w3.org
Message-ID: <bug-26332-2486-fVjj2Mosl1@http.www.w3.org/Bugs/Public/>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=26332

Domenic Denicola <domenic@domenicdenicola.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |domenic@domenicdenicola.com

--- Comment #78 from Domenic Denicola <domenic@domenicdenicola.com> ---
Hi all,

I saw on the public-html-media list that this bug was hoping for input from a
wider variety of stakeholders. Let me say that the TAG is strongly in favor of
requiring secure origins for any code that interacts with the CDM.

We are working on a formal statement of the various architectural concerns and
guiding principles the TAG hopes can be applied to EME [1], which is still
undergoing revision and progress and shouldn't really be taken as final yet.
But I can say with confidence that we all agree requiring secure origins for
CDM-using code is extremely important for security, and that part will not
change. See the section at [2] for more details.

[1]: https://github.com/w3ctag/eme/blob/master/EME%20Opinion.md
[2]:
https://github.com/w3ctag/eme/blob/master/EME%20Opinion.md#user-facing-concerns

-- 
You are receiving this mail because:
You are the QA Contact for the bug.

Received on Wednesday, 17 September 2014 20:59:30 UTC