W3C home > Mailing lists > Public > public-webappsec@w3.org > November 2014

Netflix, MSE, and EME

From: Anne van Kesteren <annevk@annevk.nl>
Date: Fri, 14 Nov 2014 23:49:27 +0100
Message-ID: <CADnb78ikCJFg1fkQ-NwS7fRDyAk7TajJziVmZ6RPtwQUCjmfEg@mail.gmail.com>
To: Henri Sivonen <hsivonen@hsivonen.fi>, Mark Watson <watsonm@netflix.com>, David Dorwin <ddorwin@google.com>, Mike West <mkwst@google.com>, Jake Archibald <jaffathecake@gmail.com>, "public-html-media@w3.org" <public-html-media@w3.org>, WebAppSec WG <public-webappsec@w3.org>, Ryan Sleevi <sleevi@google.com>
Here are some presumed facts:

* Service workers require TLS.
* Since we do not want service workers to affect legacy mixed content,
fetch() with mode /no CORS/ can still fetch non-TLS content. The
response to this is an opaque blob. (I don't like this, but Jake tells
me this is how Chrome will do it.)
* Netflix does not care about reading the contents of a response, it
just wants to feed it into <video>.

Given this, if we enable MSE to work with opaque responses, EME can
require TLS, and Netflix can use TLS, while still not using it for
MSE.


-- 
https://annevankesteren.nl/
Received on Friday, 14 November 2014 22:49:56 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:08 UTC