Re: [w3ctag/design-reviews] EME Extension: HDCP Policy Check (#323)

Sorry, everyone, for dropping the ball on responding to the feedback given here.

@cynthia, we have no plans for a maximum HDCP version check, as content security policies only ever go in one direction.

To your point about the remote playback API, we hadn't really considered that. And I don't see any mention of EME in the remote playback spec, so I'm not sure how remote playback will work with EME generally. I will reach out to the editors of the remote playback spec about this.

@hober, re:

> The existing way to check for HDCP requires a successful key exchange, which means that only sites trusted by the CDM can query this.

There's no such thing as "sites trusted by the CDM". The CDM has no knowledge of the context in which it is running, and the license exchange is actually carried out by the web app. So the reality is that the sites which can do this today are "sites that have access to a license server". Several open-access license servers exist for the purposes of testing and integration, and their CORS headers allow access from "*". So this becomes all sites running in a secure context. Any HTTPS-hosted site can do a license exchange with these open license servers.

https://github.com/w3ctag/design-reviews/issues/323#issuecomment-507423057

Received on Monday, 1 July 2019 20:57:44 UTC