[encrypted-media] Individualization text regarding device identifiers is overly broad and restrictive

steelejoe has just created a new issue for 
https://github.com/w3c/encrypted-media:

== Individualization text regarding device identifiers is overly broad and restrictive ==
Section 9.4 contains the following text:

"Such implementations should not use identifiers for a device or user 
of a device in the individualization process."

This is too broad. I proposed instead the following:
"Such implementations should not directly provide identifiers for a 
device or user of a device in any messages sent during the 
individualization process."

This allows for implementations which generate unique identifiers not 
directly associable with the device or user by digesting a mixture of 
device identifiers. These identifiers can have the security property 
that two different devices are unlikely to generate the same 
identifier, but also have the privacy property that it is very 
difficult to match an identifier to a user+device.

David suggested looking for guidance to [this email thread](https://lists.w3.org/Archives/Public/public-html-media/2014Oct/0092.html).

Original bug was [Bug 27168](https://www.w3.org/Bugs/Public/show_bug.cgi?id=27168).

See https://github.com/w3c/encrypted-media/issues/110

Received on Tuesday, 20 October 2015 06:18:00 UTC
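
The digest-based identifier described in the issue above, shown as an added example that is not part of the original post or of the EME specification. It contrasts a plain digest of the device identifiers with a keyed one and checks which of the two can be recomputed from the raw identifiers alone. The field names, the on-device secret and the per-origin scoping are assumptions made for this example.

```python
import hashlib
import hmac

# Constructed sample values; the field names are hypothetical, not from the EME spec.
DEVICE_A = {"serial": "SN-0001", "mac": "02:00:00:00:00:01"}
DEVICE_B = {"serial": "SN-0002", "mac": "02:00:00:00:00:02"}


def encode_fields(fields):
    """Length-prefix each name and value so ("ab", "c") and ("a", "bc") differ."""
    out = bytearray()
    for name in sorted(fields):
        for part in (name.encode(), fields[name].encode()):
            out += len(part).to_bytes(4, "big") + part
    return bytes(out)


def unkeyed_digest(fields):
    """Plain SHA-256 over the mixture: unique per device, but anyone holding
    the same raw identifiers can recompute it and match it to the device."""
    return hashlib.sha256(encode_fields(fields)).hexdigest()


def derive_identifier(fields, install_secret, origin):
    """HMAC-SHA256 over the mixture, keyed with a secret that stays on the
    device and scoped by origin (both are assumptions of this example)."""
    key = hmac.new(install_secret, b"indiv-id|" + origin.encode(),
                   hashlib.sha256).digest()
    return hmac.new(key, encode_fields(fields), hashlib.sha256).hexdigest()


def recomputable_without_secret(observed, fields):
    """Privacy check: True if `observed` can be rebuilt from raw identifiers alone."""
    return hmac.compare_digest(observed, unkeyed_digest(fields))


if __name__ == "__main__":
    secret_a = bytes.fromhex("11" * 32)  # constructed; use os.urandom(32) in practice
    ident = derive_identifier(DEVICE_A, secret_a, "https://video.example")
    print("keyed id:", ident)
    print("plain digest re-identifiable:",
          recomputable_without_secret(unkeyed_digest(DEVICE_A), DEVICE_A))
    print("keyed id re-identifiable:",
          recomputable_without_secret(ident, DEVICE_A))
```

Only the derived value would appear in an individualization message; the raw identifiers and the secret stay on the device.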