This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 16748 - Clarification of the "Process key" step, as well as xmlhttp.response handling.
Summary: Clarification of the "Process key" step, as well as xmlhttp.response handling.
Status: RESOLVED NEEDSINFO
Alias: None
Product: HTML WG
Classification: Unclassified
Component: Encrypted Media Extensions (show other bugs)
Version: unspecified
Hardware: All All
: P3 minor
Target Milestone: ---
Assignee: Adrian Bateman [MSFT]
QA Contact: HTML WG Bugzilla archive list
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-04-16 14:58 UTC by Patrick Ladd
Modified: 2012-09-04 16:11 UTC (History)
5 users (show)

See Also:

Attachments

Description Patrick Ladd 2012-04-16 14:58:12 UTC 
It is clear why the proposal does not specify key and license transferal formats, but some informative text could avoid confusion.  For instance, if HTTPS is used and a key is encrypted using some other system then double encryption is taking place and that isn’t obvious in the proposal.  Suggest adding informative text in the following places:
1.      In the addkey sequence, step 5.4.1, change “Process key” to something like “Process key, may involve handler (CDM) specific decryption”.
2.      At appropriate places in the Javascript examples add a comment indicating the xmlhttp.response may be encrypted in a CDM specific manner.
Comment 1 Adrian Bateman [MSFT] 2012-08-28 21:20:57 UTC 
We're not sure what difference this proposal makes to implementations. Please can you provide more information about why this is necessary?
Comment 2 Patrick Ladd 2012-09-04 16:11:53 UTC 
The request is simply for informative clarification to notify users of the API that xmlhttp.response decrypts and an additional encryption is needed if the response is not to be in the clear in memory.  If the authors feel that that is self-evident then the bug can be closed.