[Bug 25595] New: Better definitions needed for session, keys and license from bugzilla@jessica.w3.org on 2014-05-08 (public-html-bugzilla@w3.org from May 2014)

From: <bugzilla@jessica.w3.org>
Date: Thu, 08 May 2014 01:09:08 +0000
To: public-html-bugzilla@w3.org
Message-ID: <bug-25595-2486@http.www.w3.org/Bugs/Public/>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=25595

            Bug ID: 25595
           Summary: Better definitions needed for session, keys and
                    license
           Product: HTML WG
           Version: unspecified
          Hardware: PC
                OS: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Encrypted Media Extensions
          Assignee: adrianba@microsoft.com
          Reporter: steele@adobe.com
        QA Contact: public-html-bugzilla@w3.org
                CC: mike@w3.org, public-html-media@w3.org

The definitions provided in Section 1.1 [1] for Key Session (1.1.3) and Key
(1.1.5) are overly restrictive. As they are currently defined they could be
interpreted to exclude some use cases, both current and future.

* The Key Session definition needs clarification
"A Key Session, or simply Session, represents the lifetime of the
license(s)/key(s) it contains and associates all messages related to them."

It is not clear what "lifetime" means in this context. I believe the intent is
to say that while a Session is valid, information about the keys associated
with it is accessible. The keys may or may not be alive or usable (see bug
25409). 

* The Key definition is too restrictive
"Such keys may only be provided to the CDM via an update() call."
Keys may also be provided directly in the initData so this statement should
read:
"Such keys may only be provided to the CDM via the createSession(),
loadSession() or update() calls."

* The License definition is also too restrictive
"A license is a key system-specific message that includes one or more
decryption key(s) - each associated with a key ID - and potentially other
information about key usage."

"Decryption keys" is ambiguous here. I believe you mean Keys as in the Key
definition. However licenses can also contain keys used for decrypting other
keys. Those keys are not associated with key IDs. So we either need a more
specific name for "keys used for decrypting media" OR we need to remove the
text that says there must be associated key IDs.


[1]
https://dvcs.w3.org/hg/html-media/raw-file/tip/encrypted-media/encrypted-media.html#definitions
[2] https://www.w3.org/wiki/HTML/Media_Task_Force#Use_Cases

-- 
You are receiving this mail because:
You are the QA Contact for the bug.

Received on Thursday, 8 May 2014 01:09:09 UTC