- From: ddorwin via GitHub <sysbot+gh@w3.org>
- Date: Tue, 30 Aug 2016 21:07:55 +0000
- To: public-html-media@w3.org
ddorwin has just created a new issue for https://github.com/w3c/encrypted-media: == Non-distinctive Permanent Identifiers may be exposed to the application or origin == The NOTE in [Use Per-Origin Per-Profile Identifiers](https://w3c.github.io/encrypted-media/#per-origin-per-profile-identifiers) currently [1] says: >Permanent Identifiers MUST NOT be exposed to the application or origin. This statement includes all permanent identifiers, including values that are shared by, for example, all users of a specific device model [2] or platform. This is _not_ the intent and would likely prohibit any implementation that does not use Distinctive Identifiers. Looking at the the commit that [added](https://github.com/w3c/encrypted-media/commit/765295425f6fa259c76eea1169d24413268fce51#diff-f72607e47a6f74e53dc90eab8ee094e2R3262) this text, it appears this statement was intended to address the exception for Permanent Identifiers being per-origin in the normative text. However, I believe this should have been **Distinctive** Permanent Identifiers. The lack of requirements around non-distinctive Permanent Identifiers, that is Permanent Identifiers that are not Distinctive Permanent Identifiers, would seem to indicate there are not significant concerns about these, and, as mentioned above, they are essentially required for implementations that avoid using user-specific Distinctive Identifiers. [1] This is just used as a possible example. The spec does not say whether such a model key is distinctive. The spec says, "A Distinctive Permanent Identifier is a Permanent Identifier that is _not_ shared across a large population of users or client devices," but "large population" is not defined. This bug and example use here does not change that. Please view or discuss this issue at https://github.com/w3c/encrypted-media/issues/308 using your GitHub account
Received on Tuesday, 30 August 2016 21:08:05 UTC