- From: <bugzilla@jessica.w3.org>
- Date: Thu, 15 Jan 2015 10:34:27 +0000
- To: public-html-bugzilla@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=27268 --- Comment #5 from Henri Sivonen <hsivonen@hsivonen.fi> --- (In reply to David Dorwin from comment #1) > https://github.com/w3c/encrypted-media/commit/ > ce5d69ae56fc9cc890a02b132533431d54089780 adds the definition. It is mostly > the the proposed text from comment #0. > > I have some questions for Henri below. > > (In reply to Henri Sivonen from comment #0) > > 3) It is used in more than one session > By "session", do you really mean MediaKeySession? What about sessions within > the same MediaKeys object? I think I don't understand the implications of the distinction well enough to give an informed response at this time. > > or is potentially used in one > > persistent session across the point of persistence. > Please clarify and/or explain the purpose of this text. The purpose of this text is to close a loophole where a never-ending persistent session could carry around something that's seemingly a throw-away (and, therefore, presumptively not distinctive) value like a nonce, but it doesn't actually get thrown away in reasonable time and becomes a tracking id (i.e. distinctive for practical purposes). > > * A nonce that's unique but used in only one non-persistent session. > What is the importance of "non-persistent" here? (I did not include this in > the change.) See above about using a never-ending persistent session for tracking users. -- You are receiving this mail because: You are the QA Contact for the bug.
Received on Thursday, 15 January 2015 10:34:29 UTC