Re: Require security review before FPWD

On 11/03/2014 07:33 AM, Anne van Kesteren wrote:
> On Mon, Nov 3, 2014 at 1:10 PM, David Singer <singer@apple.com>
> wrote:
>> Since I have no idea how we got from ‘when is it required that an
>> XXX review be done?’ to ‘has the W3C endorsed DRM?’ I can only
>> conclude that we’re seriously at cross purposes.
>
> I brought up EME as an example of where vendors implemented and
> shipped something that is bad for security and privacy. Reviewers
> are at a loss. You said vendors should follow the W3C. I argued that
> such an argument did not apply here as the W3C has not made up its
> made mind (or so claims the leadership).

Having recently been at a F2F with those vendors, I can confidently
state that a security review prior to FPWD would not have changed vendor
behavior.  In fact, I see a lot of parallel to the <video> tag[1].  That
being said, discussion is ongoing, and I encourage readers to consult
the following:

https://www.w3.org/Bugs/Public/show_bug.cgi?id=26332#c130

https://dvcs.w3.org/hg/html-media/raw-file/tip/encrypted-media/encrypted-media.html#privacy-secureorigin

- Sam Ruby

[1] 
http://lists.w3.org/Archives/Public/public-whatwg-archive/2009Jun/0599.html

Received on Monday, 3 November 2014 13:07:35 UTC