- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Fri, 14 Nov 2014 23:49:27 +0100
- To: Henri Sivonen <hsivonen@hsivonen.fi>, Mark Watson <watsonm@netflix.com>, David Dorwin <ddorwin@google.com>, Mike West <mkwst@google.com>, Jake Archibald <jaffathecake@gmail.com>, "public-html-media@w3.org" <public-html-media@w3.org>, WebAppSec WG <public-webappsec@w3.org>, Ryan Sleevi <sleevi@google.com>
Here are some presumed facts: * Service workers require TLS. * Since we do not want service workers to affect legacy mixed content, fetch() with mode /no CORS/ can still fetch non-TLS content. The response to this is an opaque blob. (I don't like this, but Jake tells me this is how Chrome will do it.) * Netflix does not care about reading the contents of a response, it just wants to feed it into <video>. Given this, if we enable MSE to work with opaque responses, EME can require TLS, and Netflix can use TLS, while still not using it for MSE. -- https://annevankesteren.nl/
Received on Friday, 14 November 2014 22:49:56 UTC