- From: ddorwin via GitHub <sysbot+gh@w3.org>
- Date: Tue, 19 Jul 2016 00:28:09 +0000
- To: public-html-media@w3.org
ddorwin has just created a new issue for https://github.com/w3c/encrypted-media:

== Comments on security and privacy sections ==

@steelejoe wrote the following in https://github.com/w3c/encrypted-media/issues/221#issuecomment-224341040. I've moved the remaining items (and one reply) here to separate them from the larger "review" issue #221.

>I have some nit-picky comments. Should be relatively easy to address.
>
>Section 10.3.2 Mitigations TLS -- "Furthermore, origin-specific permissions in combination with a secure origin, **ensure** that permissions granted to an application **cannot be abused** by a network attacker.". This language is too strong. We can safely say that TLS makes abuse far less likely, but not impossible. This should be changed to "Origin-specific permissions in combination with a secure origin make abuse of permissions granted to an application by a network attacker far less likely.".
>...
>
>Section 11.4.2 Mitigations "Shared blacklists" This section is unclear. What is a "Key System origin"? Does this refer to the dotted identifier for the Key System itself, in which case a blacklist seems like overkill since there are only a small number of Key Systems. Or does this refer specifically to use a particular Key System on an application origin? The latter seems more likely. If that is the correct interpretation this should be changed to "User agents may allow users to share blacklists of application origins and/or Key Systems".
>
>Section 11.4.2 Mitigations "Per-origin user alerts / prompts and permissions" This sentence "User agents must prompt or otherwise inform the user before allowing use of a Distinctive Identifier that is not unique per-origin and/or not clearable is used. " is unnecessary based on the note following. Why not just remove it and the note? Apologies if this has been discussed in depth -- I did not see it.

Please view or discuss this issue at https://github.com/w3c/encrypted-media/issues/273 using your GitHub account
Received on Tuesday, 19 July 2016 00:28:16 UTC