On Fri, Jun 15, 2018 at 5:39 AM Bernard Aboba <Bernard.Aboba@microsoft.com> wrote: > Youenn said: > > "The dual encryption use case is also interesting to study." > > [BA] It appears that there may be multiple of these, with different > security requirements. > > One of them is the "secure conferencing" use case. > > In this use case, the goal is to have end-to-end payload encryption, where > the service itself is untrusted and must not have access to unprotected > media (raw or encoded). > > As a result in such a use case JS access to raw or encoded cleartext > frames is an anti-requirement - this must be prevented to implement the use > case properly. > > The other use case relates to entertainment - namely content protection. > > Such a deep rabbit hole. Can we just stay far away and not think about this use case? > In that use case, the service is trusted, but the goal is to disable > aspects of browser functionality such as media recorder. > > So performance is not the only issue here - we need to understand exactly > what use case we are attempting to implement and what the resulting > security requirements are. > > Yoenn also said: > > "As of the streaming of media content, I agree there might be some > convergence, especially with live content. > That said, access to raw decodable content/raw decoded frames goes against > EME-based solutions." > > [BA] Indeed. That is why it is critical that we are clear on the use case > and *all* of the requirements necessary to make them work. >
Received on Friday, 15 June 2018 21:04:45 UTC