- From: <bugzilla@jessica.w3.org>
- Date: Sat, 29 Mar 2014 01:18:22 +0000
- To: public-html-media@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=25201 Bug ID: 25201 Summary: Add ability to preemptively provide a server certificate Product: HTML WG Version: unspecified Hardware: All OS: All Status: NEW Severity: normal Priority: P3 Component: Encrypted Media Extensions Assignee: adrianba@microsoft.com Reporter: ddorwin@google.com QA Contact: public-html-bugzilla@w3.org CC: mike@w3.org, public-html-media@w3.org As discussed in bug 24025 and the Privacy Considerations section of the spec, server certificates can be used to encrypt communication between the CDM and license server, ensuring identifiers are protected at all times. While the CDM could ask for a certificate in a message (in place of the license request), this would require an extra round trip. Therefore, applications should be able choose to proactively provide such a certificate before calling createSession() (to reduce the latency). Key systems that use such certificates should also support the additional round trip model above to simplify interoperability for applications that are not designed to provide certificates to specific key systems. Since such a certificate is useful for all sessions and traffic and is unlikely to vary for a given application and key system combination, it makes sense for this to be a property of the MediaKeys object. There should be no need for an application to later retrieve the certificate, so a setter method is sufficient. My proposal is to add the following to MediaKeys: void setServerCertificate(Uint8Array serverCertificate); The first step in the algorithm would be: If the content decryption module corresponding to the keySystem attribute does not support server certificates, throw a NOT_SUPPORTED_ERR exception and abort these steps. -- You are receiving this mail because: You are on the CC list for the bug.
Received on Saturday, 29 March 2014 01:18:28 UTC