[Bug 25920] New: Remove extraction of default URL from createSession() algorithm

https://www.w3.org/Bugs/Public/show_bug.cgi?id=25920

            Bug ID: 25920
           Summary: Remove extraction of default URL from createSession()
                    algorithm
           Product: HTML WG
           Version: unspecified
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P3
         Component: Encrypted Media Extensions
          Assignee: ddorwin@google.com
          Reporter: ddorwin@google.com
        QA Contact: public-html-bugzilla@w3.org
                CC: mike@w3.org, public-html-media@w3.org

The default URL steps in the createSession() algorithm allow a license server
URL to be extracted from the Initialization Data.

However:
* This is inconsistent with EME's application-driven model.
* There is only one format that supports this, and it does so using proprietary
header boxes.
* Uses of it are unlikely to be interoperable.
* There are no current implementations or applications using it.
* There is a privacy and security risk in allowing media data to direct an
application to ping/contact a random server.

Therefore, we should remove these steps.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.

Received on Thursday, 29 May 2014 20:45:59 UTC