Re: Require security review before FPWD

On 11/03/2014 07:33 AM, Anne van Kesteren wrote:
> On Mon, Nov 3, 2014 at 1:10 PM, David Singer <>
> wrote:
>> Since I have no idea how we got from ‘when is it required that an
>> XXX review be done?’ to ‘has the W3C endorsed DRM?’ I can only
>> conclude that we’re seriously at cross purposes.
> I brought up EME as an example of where vendors implemented and
> shipped something that is bad for security and privacy. Reviewers
> are at a loss. You said vendors should follow the W3C. I argued that
> such an argument did not apply here as the W3C has not made up its
> made mind (or so claims the leadership).

Having recently been at a F2F with those vendors, I can confidently
state that a security review prior to FPWD would not have changed vendor
behavior.  In fact, I see a lot of parallel to the <video> tag[1].  That
being said, discussion is ongoing, and I encourage readers to consult
the following:

- Sam Ruby


Received on Monday, 3 November 2014 13:07:35 UTC