Bug 16547 - Is there a use case for explicitly releasing keys?
Summary: Is there a use case for explicitly releasing keys?
Alias: None
Product: HTML WG
Classification: Unclassified
Component: Encrypted Media Extensions (show other bugs)
Version: unspecified
Hardware: All All
: P3 normal
Target Milestone: ---
Assignee: David Dorwin
QA Contact: HTML WG Bugzilla archive list
Depends on:
Reported: 2012-03-28 00:11 UTC by David Dorwin
Modified: 2012-08-28 21:39 UTC (History)
7 users (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description David Dorwin 2012-03-28 00:11:07 UTC
From v0.1:
The current proposal does not support a mechanism to release keys. It is expected that the User Agent and CDM will release keys that are no longer needed as necessary to free resources. No use case for triggering this release from JavaScript has been identified.
Comment 1 Mark Watson 2012-05-30 21:44:05 UTC
Perhaps this is stating the obvious, but when secure proof of key release is supported there is a need for script control of key release. This could be explicit (a method to release the key or keys associated with a media element), or implicit when the media element is destroyed.
Comment 2 David Dorwin 2012-06-11 21:37:37 UTC
The draft says keys should be cleared (not available for future frames) on load [1], but it doesn't specifically say to destroy them. That seems like a good update. We should also document that they should be destroyed when the object is destroyed.

load should be called when .src is changed, so setting .src="" is one way to force _all_ keys to be destroyed (with the update above) without destroying the element.

However, this only applies to releasing keys when playback is interrupted/stopped.
Q: Is there a need to release key(s) without changing the source or interrupting playback?

[1] http://dvcs.w3.org/hg/html-media/raw-file/tip/encrypted-media/encrypted-media.html#algorithms-load
Comment 3 David Dorwin 2012-06-11 21:54:16 UTC
This comment assumes the answer to the above question is "yes".

== Releasing all keys in a session ==
Note: If we want to use allow per-session key release/destruction, CDMs must track the keys for each session ID. Currently, this might be an implementation detail.

Assuming releasing keys during playback would only be necessary for different sessions (and thus different licenses), we could use cancelKeyRequest() if we slightly modified its purpose. cancelKeyRequest() is currently meant to be used after calling generateKeyRequest() and before a key is received (keyadded). If we removed step 3 from its algorithm, it could be used for explicitly releasing keys for a session.

Use of cancelKeyRequest() for this purpose somewhat abuses the name. Destroying a session object (see bug 16613), could serve both purposes. This would require clearing all references and be subject to garbage collection, though.

== Releasing individual keys within a session == 
Using cancelKeyRequest() or destruction of a session object would not allow release of specific keys within a session, though.
Q: Does such a use case exists? If so, is there any reason it couldn't use different sessions? (It seems it shouldn't since keys you want to treat differently, probably require their own license and request.)
Comment 4 David Dorwin 2012-08-17 06:24:05 UTC
The object-oriented API (bug 16613) includes a close() method, which closes the session and destroys the keys.

I think we can close this bug. If anyone believes close() should not do that or this does not solve a use case covered by this bug, please speak up. Otherwise, I'll close it.
Comment 5 Adrian Bateman [MSFT] 2012-08-28 21:39:15 UTC
Resolved fixed.