This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 19785 - Clarification on key storage
Summary: Clarification on key storage
Status: RESOLVED DUPLICATE of bug 17750
Alias: None
Product: HTML WG
Classification: Unclassified
Component: Encrypted Media Extensions (show other bugs)
Version: unspecified
Hardware: All All
: P2 normal
Target Milestone: ---
Assignee: Adrian Bateman [MSFT]
QA Contact: HTML WG Bugzilla archive list
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-10-30 16:23 UTC by Joe Steele
Modified: 2012-10-31 15:47 UTC (History)
3 users (show)

See Also:


Attachments

Description Joe Steele 2012-10-30 16:23:20 UTC
There is some discussion on this email thread (http://lists.w3.org/Archives/Public/public-html-media/2012Oct/0066.html) about when keys are cleared. After re-reading the spec it does not appear clear that keys or licenses can be retained in a persistent cache by the CDM between sessions. 

I don't believe the intent of the spec is to prevent the CDM from retaining keys or licenses across sessions, but I think that needs to be spelled out in the spec a little more explicitly. Specifically I think this section (http://dvcs.w3.org/hg/html-media/raw-file/tip/encrypted-media/encrypted-media.html#dom-close) needs to be clarified to say that only keys which are not intended to be retained across sessions should be cleared.

It might be useful to add a definition of transient keys versus persistent keys and use that as a reference point where key caching is discussed in the spec as well.
Comment 1 David Dorwin 2012-10-30 18:06:50 UTC
Issue 17750 is open to define the close() and object destruction behavior.

What do you mean by "sessions" when you say "across sessions"? Browser context sessions or key sessions? How "persistent" do you want to allow keys to be?

The existing text about caching is non-normative and relates to key replacement if, for example, the CDMs key storing resources are exhausted.
Comment 2 Joe Steele 2012-10-30 20:06:19 UTC
I mean across sessions created using createSession(). I also mean across browser instantiations -- e.g. if I close my browser I may not want to throw away all of my cached licenses. This has implications for when the browser is in privacy mode and when this type of data would be cleared, but all have pretty reasonable answers. 

Would you prefer moving this discussion to the other bug? I thought this was different enough that it warranted a new bug, but I had not read your last comment.
Comment 3 Joe Steele 2012-10-31 15:47:13 UTC

*** This bug has been marked as a duplicate of bug 17750 ***