- From: <bugzilla@jessica.w3.org>
- Date: Fri, 07 Nov 2014 12:19:00 +0000
- To: public-html-media@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=27270 Bug ID: 27270 Summary: Normatively require distinctive identifiers to be forgettable/regeneratable Product: HTML WG Version: unspecified Hardware: All OS: All Status: NEW Severity: normal Priority: P2 Component: Encrypted Media Extensions Assignee: adrianba@microsoft.com Reporter: hsivonen@hsivonen.fi QA Contact: public-html-bugzilla@w3.org CC: mike@w3.org, public-html-media@w3.org Depends on: 27268, 27269 In order to give users the opportunity to cause a discontinuity in the ability of a site, third parties who scripts the site includes or a network MITM who injects EME usage into a non-https site to track the user across time, please require that distinctive identifiers be forgettable and regeneratable. (Start proposed spec text for a *normative* section) Implementations MUST ensure that the user may request distinctive identifiers to be forgotten such that new different distinctive identifiers are generated in the place of the old ones when distinctive identifiers are needed subsequently. It is RECOMMENDED that users be able to request that distinctive identifiers be forgotten on a per-site basis, particularly as part of a "Forget about this site" feature that forgets cookies, databases, etc. associated with a particular site in an operation that is sufficiently atomic to prevent "cookie resurrection" type of recorrelation of a new identifier with the old by relying on another type of locally stored data that did not get cleared at the same time. Note: The most obvious way to meet this requirement is to ensure that the salt contemplated in the above note (actually in bug 27269) be forgettable such that a new salt is randomly generated when needed. -- You are receiving this mail because: You are on the CC list for the bug.
Received on Friday, 7 November 2014 12:19:01 UTC