[Bug 27168] New: Individualization text is overbroad and should be more specific from bugzilla@jessica.w3.org on 2014-10-24 (public-html-media@w3.org from October 2014)

From: <bugzilla@jessica.w3.org>
Date: Fri, 24 Oct 2014 23:45:49 +0000
To: public-html-media@w3.org
Message-ID: <bug-27168-5436@http.www.w3.org/Bugs/Public/>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=27168

            Bug ID: 27168
           Summary: Individualization text is overbroad and should be more
                    specific
           Product: HTML WG
           Version: unspecified
          Hardware: PC
                OS: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Encrypted Media Extensions
          Assignee: adrianba@microsoft.com
          Reporter: steele@adobe.com
        QA Contact: public-html-bugzilla@w3.org
                CC: mike@w3.org, public-html-media@w3.org

Section 9.4 contains the following text:

"Such implementations should not use identifiers for a device or user of a
device in the individualization process."

This is too broad. I proposed instead the following:
"Such implementations should not directly provide identifiers for a device or
user of a device in any messages sent during the individualization process."

This allows for implementations which generate unique identifiers not directly
associable with the device or user by digesting a mixture of device
identifiers. These identifiers can have the security property that two
different devices are unlikely to generate the same identifier, but also have
the privacy property that it is very difficult to match an identifier to a
user+device.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

Received on Friday, 24 October 2014 23:45:50 UTC