W3C home > Mailing lists > Public > public-webappsec@w3.org > July 2015

Re: [mixed-content] DASH Players and Mixed Content

From: Mike West <mkwst@google.com>
Date: Tue, 21 Jul 2015 18:18:07 +0200
Message-ID: <CAKXHy=fDVhme6SU8qjyw8wrsbCZfzEhN=h+m=OC6LS07qCXrwA@mail.gmail.com>
To: Brad Hill <hillbrad@gmail.com>, Ryan Sleevi <sleevi@google.com>
Cc: Ben Gidley <ben@gidley.co.uk>, "public-webappsec@w3.org" <public-webappsec@w3.org>
+Ryan

On Tue, Jul 21, 2015 at 6:11 PM, Brad Hill <hillbrad@gmail.com> wrote:

> There was a proposal of this sort (not a blanket exception, but a safer
> way to allow for video-over-HTTP to HTTPS pages) by Ryan Sleevi, the start
> of the thread can be found here:
>
> https://lists.w3.org/Archives/Public/public-webappsec/2015Feb/0371.html
>
> We discussed this last week at our face-to-face in Berlin, and the feel of
> the room seemed to be that the proposal was technically sound, we weren't
> sure who exactly the customers of it would be.  I think Ryan had Netflix in
> mind given their previous reluctance to move to TLS for delivery, but with
> that resolved, nobody has publicly stepped up as wanting to adopt such a
> solution.  Our informal rule of thumb in this group is that we've wanted
> expressions of interest from two "customers" of a feature before we start
> working on something.
>
> Ben, do you maintain a player like this, or know someone who does, who
> would be willing to examine and comment on Ryan's proposal?
>
> thanks,
>
> Brad Hill
>
> On Tue, Jul 21, 2015 at 1:45 AM Ben Gidley <ben@gidley.co.uk> wrote:
>
>> I'd like to ask if you've considered how this proposal effects MPEG-DASH
>> players using Media Source Extensions?
>>
>> I've been using DASH players and they generally all break with today's
>> behavior on Chrome/Firefox is you're using a HTTPS page with a HTTP CDN for
>> the video content. This is because they mostly fetch content via XHR for
>> processing in their media source extension.
>>
>> It's not very desirable to push all video over SSL (as it breaks in
>> network caching commonly deployed by Telco's/ISP's) - is it possible to
>> consider a scheme to allow a media source extension to tech video?
>>
>>
>>
>> --
>> Ben Gidley
>>
>> www.gidley.co.uk
>> ben@gidley.co.uk
>>
>
Received on Tuesday, 21 July 2015 16:18:55 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:13 UTC