- From: <bugzilla@jessica.w3.org>
- Date: Sat, 29 Mar 2014 01:18:22 +0000
- To: public-html-media@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=25201
Bug ID: 25201
Summary: Add ability to preemptively provide a server
certificate
Product: HTML WG
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P3
Component: Encrypted Media Extensions
Assignee: adrianba@microsoft.com
Reporter: ddorwin@google.com
QA Contact: public-html-bugzilla@w3.org
CC: mike@w3.org, public-html-media@w3.org
As discussed in bug 24025 and the Privacy Considerations section of the spec,
server certificates can be used to encrypt communication between the CDM and
license server, ensuring identifiers are protected at all times.
While the CDM could ask for a certificate in a message (in place of the license
request), this would require an extra round trip. Therefore, applications
should be able choose to proactively provide such a certificate before calling
createSession() (to reduce the latency).
Key systems that use such certificates should also support the additional round
trip model above to simplify interoperability for applications that are not
designed to provide certificates to specific key systems.
Since such a certificate is useful for all sessions and traffic and is unlikely
to vary for a given application and key system combination, it makes sense for
this to be a property of the MediaKeys object. There should be no need for an
application to later retrieve the certificate, so a setter method is
sufficient.
My proposal is to add the following to MediaKeys:
void setServerCertificate(Uint8Array serverCertificate);
The first step in the algorithm would be:
If the content decryption module corresponding to the keySystem attribute does
not support server certificates, throw a NOT_SUPPORTED_ERR exception and abort
these steps.
--
You are receiving this mail because:
You are on the CC list for the bug.
Received on Saturday, 29 March 2014 01:18:28 UTC