Re: Individualization from Mark Watson on 2014-10-28 (public-html-media@w3.org from October 2014)

From: Mark Watson <watsonm@netflix.com>
Date: Tue, 28 Oct 2014 14:12:28 -0700
To: David Dorwin <ddorwin@google.com>
Cc: Henri Sivonen <hsivonen@hsivonen.fi>, Joe Steele <steele@adobe.com>, "<public-html-media@w3.org>" <public-html-media@w3.org>
Message-ID: <CAEnTvdBNMuMMV6dp4gdh95YbipcmqxaqcbdFPQcYcO_yQzrEUw@mail.gmail.com>

On Tue, Oct 28, 2014 at 1:59 PM, David Dorwin <ddorwin@google.com> wrote:

> Thank you for the detailed reply. I think it would make a good addition to
> the privacy considerations section and/or the resolution of, for example,
> https://www.w3.org/Bugs/Public/show_bug.cgi?id=27166.
>
> On Mon, Oct 27, 2014 at 7:24 AM, Henri Sivonen <hsivonen@hsivonen.fi>
> wrote:
>
>
>> (While I don't have a problem with explaining the privacy measures we
>> are putting in place in Firefox, I find this level of vetting for a
>> new enum item rather surprising. Have spec edit requests catering to
>> Microsoft's needs been vetted on this level of detail by this Task
>> Force? Where can I read a similar vetting of the privacy properties of
>> Microsoft's solution? Or Apple's in response to the initData changes
>> that catered, in practice, only to Apple?)
>
>
> Please don't take it personally - I'm just trying to make sure we have a
> good handle on the issues. Also, individualization hasn't really been
> discussed before. Unfortunately, some participants have made it nearly
> impossible to change or remove things - even unintentional oversights -
> from this spec, even for security, privacy, and interoperability reasons.
>

Sometimes, what might have been an unintentional oversights on your part,
might have been a vital feature for someone else. It *should* be difficult
to change something which is a vital feature for some participants. At
least it should be difficult to change it in advance of properly
understanding and otherwise providing for the feature.

...Mark




> With such a privacy-sensitive topic, I want to make sure we have
> appropriate text.
>
> Other vendors' solutions have not required API changes to the spec. While
> we aren't specifically vetting implementations, some of us are actively
> trying to understand and mitigate or restrict undesirable privacy and
> security properties traditionally associated with DRM. I don't know what
> initData changes you are referring to. Can you be more specific?
>
> David
>
>

Received on Tuesday, 28 October 2014 21:12:56 UTC