This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 25201 - Add ability to preemptively provide a server certificate
Summary: Add ability to preemptively provide a server certificate
Alias: None
Product: HTML WG
Classification: Unclassified
Component: Encrypted Media Extensions (show other bugs)
Version: unspecified
Hardware: All All
: P3 normal
Target Milestone: ---
Assignee: David Dorwin
QA Contact: HTML WG Bugzilla archive list
Depends on:
Reported: 2014-03-29 01:18 UTC by David Dorwin
Modified: 2014-04-28 21:59 UTC (History)
2 users (show)

See Also:


Description David Dorwin 2014-03-29 01:18:22 UTC
As discussed in bug 24025 and the Privacy Considerations section of the spec, server certificates can be used to encrypt communication between the CDM and license server, ensuring identifiers are protected at all times.

While the CDM could ask for a certificate in a message (in place of the license request), this would require an extra round trip. Therefore, applications should be able choose to proactively provide such a certificate before calling createSession() (to reduce the latency).

Key systems that use such certificates should also support the additional round trip model above to simplify interoperability for applications that are not designed to provide certificates to specific key systems.

Since such a certificate is useful for all sessions and traffic and is unlikely to vary for a given application and key system combination, it makes sense for this to be a property of the MediaKeys object. There should be no need for an application to later retrieve the certificate, so a setter method is sufficient.

My proposal is to add the following to MediaKeys:
void setServerCertificate(Uint8Array serverCertificate);

The first step in the algorithm would be:
If the content decryption module corresponding to the keySystem attribute does not support  server certificates, throw a NOT_SUPPORTED_ERR exception and abort these steps.
Comment 1 David Dorwin 2014-04-28 21:59:58 UTC
Added in