This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 23342 - The user should be in control of its own computing
Summary: The user should be in control of its own computing
Status: RESOLVED FIXED
Alias: None
Product: HTML WG
Classification: Unclassified
Component: Encrypted Media Extensions (show other bugs)
Version: unspecified
Hardware: PC Linux
: P2 normal
Target Milestone: ---
Assignee: Adrian Bateman [MSFT]
QA Contact: HTML WG Bugzilla archive list
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-09-24 14:50 UTC by Julio Cesar Serrano
Modified: 2013-10-15 15:18 UTC (History)
5 users (show)

See Also:

Attachments

Description Julio Cesar Serrano 2013-09-24 14:50:17 UTC 
Under the "goals" section there is another line wich worries me.

"The user agent should not select among content decryption and
protection options. The application should make this decision."


I think here "user agent" has a "user" part, so you deny the user to
have knowledge about the method being used to "protect" the content?
If I ever were to use this EME, I'd like to know about binary files
(CDM) being downloaded and executed on my computer.
So this is unacceptable either.
Comment 1 Mark Watson 2013-09-24 15:03:21 UTC 
This comment is based on a mis-understanding.

It is absolutely not intended that EME applications cause new code to be downloaded to the user's computer. In fact one of the main motivations for the work is to *avoid* an install step.

The sentence quoted is intended to mean that if a User Agent supports multiple keysystems then the application should be able to choose from amongst these already installed systems. Users can, of course, enable/disable/uninstall keysystems, if such capabilities are offered by the User Agent. So, that is, the application may choose from amongst the keysystems that the user / user agent offers.

I suggest we reword the sentence in question as follows:

"The application shall be able to choose between the content protection options offered by the User Agent."
Comment 2 Julio Cesar Serrano 2013-09-25 00:13:45 UTC 
Again this is against my principles. The UA shouldn't be allowed to have CDM inside. Because not all people is going to watch EME protected content. So why should we allow such extra code we haven't control of? So CDM should be added only whenever the user is going to need it.
Comment 3 David Dorwin 2013-10-14 17:55:06 UTC 
I propose removing the Goals section. It has repeatedly led to confusion and does not belong in a spec (it is left over from the initial proposal).
Comment 4 Michael[tm] Smith 2013-10-15 07:05:11 UTC 
(In reply to Julio Cesar Serrano from comment #0)
> Under the "goals" section there is another line wich worries me.
> 
> "The user agent should not select among content decryption and
> protection options. The application should make this decision."

(In reply to Mark Watson from comment #1)
> I suggest we reword the sentence in question as follows:
> 
> "The application shall be able to choose between the content protection
> options offered by the User Agent."

(In reply to David Dorwin from comment #3)
> I propose removing the Goals section. It has repeatedly led to confusion and
> does not belong in a spec (it is left over from the initial proposal).

Given that it's non-normative section, the decision about what to do with it is an editorial decision. There's nothing implementable in that section, and nothing testable nor documentable -- so removing it would not substantively affect the spec in any way that would require re-review from, e.g., UA implementors, nor require anyone to have to re-write test cases, etc.
Comment 5 Adrian Bateman [MSFT] 2013-10-15 15:15:04 UTC 
This was discussed on the telcon 10/15:
http://www.w3.org/2013/10/15-html-media-minutes.html

The group agreed to remove the goals section.
Comment 6 Adrian Bateman [MSFT] 2013-10-15 15:18:19 UTC 
Removed the goals section: https://dvcs.w3.org/hg/html-media/rev/a5acef5bbe69