Re: "Revealed: how Microsoft handed the NSA access to encrypted messages" from Rick on 2013-07-11 (public-restrictedmedia@w3.org from July 2013)

From: Rick <graham.rick@gmail.com>
Date: Thu, 11 Jul 2013 18:06:50 -0400
To: "piranna@gmail.com" <piranna@gmail.com>
Cc: Jeff Jaffe <jeff@w3.org>, Andreas Kuckartz <A.Kuckartz@ping.de>, "public-restrictedmedia@w3.org" <public-restrictedmedia@w3.org>
Message-ID: <CAGDjS3ez9zCMR04DYAfuXd6fA-TRj_BuYoA9y3j2tpJ0ujrU2Q@mail.gmail.com>

On Thu, Jul 11, 2013 at 3:53 PM, piranna@gmail.com <piranna@gmail.com>wrote:

> >>> I don't understand why a closed implementation of an API for encrypted
> >>> media
> >>> helps the NSA get metadata about users emails and phone calls.
> >>>
> >> Are you kidding us? A closed implementation of WHATEVER can host
> >> anything inside it,
> >
> >
> > Sure I understand that part, but that appears to be related to the fact
> that
> > certain companies ship closed code and has nothing to do with the
> specifics
> > of EME.
> >
> Ok, it's true, it's not an EME issue but CDM developer companies
> issue, but the point is it's not a good idea to hold on a public
> (open!) specification such a security hole...
>

It's not true.  Companies shipping closed source EME drivers will have cart
blanche to do the same thing.

On all operating systems.

This is an EME issue.  If EME drivers are closed source this is a wide open
security hole that must be addressed.

-- 
*Once ... in the wilds of Afghanistan, I lost my corkscrew, and we were
forced to live on nothing but food and water for days.
        -- W. C. Fields*

Received on Thursday, 11 July 2013 22:07:17 UTC