- From: Mark Watson <watsonm@netflix.com>
- Date: Fri, 16 Aug 2013 09:09:14 -0700
- To: "cobaco@freemen.be" <cobaco@freemen.be>
- Cc: "public-restrictedmedia@w3.org" <public-restrictedmedia@w3.org>
- Message-ID: <CAEnTvdBbGQ9nvx=n+1Nwi6GOd20mS44868TPA7csmf4S9our5Q@mail.gmail.com>
On Fri, Aug 16, 2013 at 8:40 AM, cobaco <cobaco@freemen.be> wrote:

> On 2013-08-16 07:49 Mark Watson wrote:
> > If a browser integrates a specific CDM, what makes you think that they
> > will pay less attention to user security and privacy with respect to
> > that part of the browser compared to the attention they pay to the
> > rest of the browser?
>
> CDMs in general are in the EME spec as black boxes,
> consequently EME-implementors can't make sure they respect the user's
> privacy or security, as they don't have the access needed to verify that

They are black boxes as far as the specification is concerned, yes, but not necessarily as far as the browser implementor is concerned. For the two that have shipped the browser implementor also owns the source code of the CDM, so again I am wondering why you think they would pay less attention to security/privacy for the CDM than for the rest of the browser?

We can explicitly ask in the EME Security and Privacy Consideration that they pay equal attention, if that helps.

If a browser uses a third-party CDM, I would expect the browser implementor to get some assurances from the third party, in whatever form they deem necessary to maintain the integrity of the promises they make to users. If they can't get that, they could refuse to support the CDM or they could cover it with user warnings, disable it by default etc. - whatever they deemed appropriate.

...Mark

> --
> Cheers
Received on Friday, 16 August 2013 16:09:41 UTC