Re: Open Source implementations Re: Encrypted Media proposal (was RE: ISSUE-179: av_param - Chairs Solicit Alternate Proposals or Counter-Proposals)

On Sun, 26 Feb 2012 01:34:43 -0000, Charles Pritchard <chuck@jumis.com>  
wrote:

> It is the scripting environment and related sandbox that is treated as  
> an adversary.

The scripting environment on a page is controlled by: publisher (page  
source), user (bookmarklets, extensions), browser vendor and possibly  
others via page's vulnerabilities (XSS).

Are all of them considered adversaries then?

Can you clarify what do you mean by "related sandbox"?

> The user may have a separate security system in place, in hardware, on  
> the OS or otherwise separate.

How does this security system establish chain of trust? Where does the  
chain end (Content Decryption Module, browser, OS, display)?

> That said, sure, it is obvious that the intentions of many parties here  
> are not cleanly nor clearly related to user privacy.

Sorry, I don't understand how this relates to whether user is an adversary  
for the scheme or not.

-- 
regards, Kornel Lesiński

Received on Sunday, 26 February 2012 04:00:25 UTC