EPUB 3 Working Group Telco — Minutes

Date: 2022-02-03

See also the Agenda and the IRC Log


Present: Dave Cramer, Toshiaki Koike, Masakazu Kitahara, Shinya Takami (高見真也), Matthew Chan, Matt Garrish, Brady Duga, Wendy Reid

Regrets: Ben Schroeter


Chair: Dave Cramer

Scribe(s): Matthew Chan


Dave Cramer: today we are going to continue the talk about security and privacy issues.

1. Review Privacy and Security PR.

See github pull request epub-specs#1972.

Dave Cramer: first the big PR of the updated security and privacy section.

Dave Cramer: https://pr-preview.s3.amazonaws.com/w3c/epub-specs/pull/1972.html#sec-security-privacy.

Dave Cramer: https://raw.githack.com/w3c/epub-specs/update/privacy-security/epub33/rs/index.html.

Dave Cramer: here are previews of both Core and RS.
… there have been many changes to this recently.

Matt Garrish: since the last call I’ve pulled out some of the normative sounding stuff in the privacy and security section, e.g., scripting.
… there’s now 2 new sections under part 2 - 1 about network access (methods to indicate and stop network access), 2 opening external links in a browser.
… took scripting stuff and moved it back to the scripting section.
… there were a couple statements that could be normative which were in fact made normative - DOM events, and user control of stored data.
… the security and privacy section was not really edited otherwise.

Dave Cramer: https://raw.githack.com/w3c/epub-specs/update/privacy-security/epub33/rs/index.html#sec-epub-rs-network-access.

Matt Garrish: reflecting push from last call of making the things that could be normative actually normative.

Dave Cramer: super helpful, thank you.
… link to network access section of RS spec.
… and right next to that is external links (‘RS should open external links in browser to use browser’s security features’).
… and these sound testable.
… comments?.
… how close is this to what existing RS are doing now?.

Wendy Reid: we (Kobo) pass.

Brady Duga: Google passes.

Shinya Takami (高見真也): I will ask JP participants in Japanese.
… [addresses JP members].
… we’ve discussed with reps from Voyager (browser based RS).
… Voyager does not support scripting, but they do support remote resources.
… so we think the additional normative requirements are acceptable for the JP market.

Brady Duga: do the external links open in a new browser window (i.e. new browser context)?.

Shinya Takami (高見真也): i will confirm.
… [addresses in JP].
… another browser window will pop-up to view the link.

Dave Cramer: mgarrish do you think this is now in a place where we can merge it?.

Matt Garrish: yes, a lot of this existed prior anyway. We’re just making it normative. I would merge now..
… i think Ivan’s last comment said he was happy with it now.

Proposed resolution: Merge PR 1972. (Wendy Reid)

Wendy Reid: +1.

Shinya Takami (高見真也): +1.

Matthew Chan: +1.

Brady Duga: +1.

Dave Cramer: +1.

Matt Garrish: +1.

Masakazu Kitahara: +1.

Toshiaki Koike: +1.

Resolution #1: Merge PR 1972.

Dave Cramer: any general comments on this before we move on?

2. Updates to Obfuscation.

See github pull request epub-specs#1980.

See github issue epub-specs#1873.

Dave Cramer: this is the PR. There’s a lot of discussion in the related issue..
… we’ve made a bunch of fixes to this.
… npd asked if we could explain harms of font obfuscation techniques, i.e., interop issues, opacity for end users inspecting what they are reading.
… but i’ve never had to inspect font file of epub i’m reading, so i’m not on board with that.
… could create liability for RS.
… but i’m not aware of legal issues, or threat of legal issues.

Brady Duga: i’m skeptical of even mentioning legal issues without explicit guidance from lawyers.
… even the caution that we’re currently proposing, not sure what legal implications we are hinting at with that.
… if I was concerned about legal issues, I would consult my legal team rather than getting it from a spec.

Dave Cramer: i share this concern.

Matt Garrish: yeah, i struggled to come up with a caution that was meaningful.
… there was talk about DMCA.
… there are probably legal issues all over the place, so why pick just one.
… i’m not strongly in favor of this, so I would be okay with removal.
… stuff on content side is a little less controversial.

Dave Cramer: and some of the other limitations are legitimate.
… there can be real interop problems, etc..

Wendy Reid: +1 to general caution.

Brady Duga: i’m fine with the general caution.

Dave Cramer: mgarrish can you just remove the legal reference?.

Matt Garrish: yes.

Brady Duga: one other language issue about “designed to break the obfuscation”.
… you’re not breaking the obfuscation because its a well defined algorithm.

Wendy Reid: “deobfuscate”.

Brady Duga: “intentionally make available”?.

Matt Garrish: agree.
… on the RS side, do we leave it as SHOULD, or should be go back to MUST support deobfuscation?.

Brady Duga: fine with having it as SHOULD support deobfuscation.

Dave Cramer: fine with leaving it at SHOULD, this is not a core feature.

Proposed resolution: Remove the legal reference from PR 1980, and merge 1980. (Wendy Reid)

Shinya Takami (高見真也): +1.

Wendy Reid: +1.

Toshiaki Koike: +1.

Matthew Chan: +1.

Brady Duga: +1.

Masakazu Kitahara: +1.

Dave Cramer: +1.

Resolution #2: Remove the legal reference from PR 1980, and merge 1980.

3. Discuss Security feedback.

Dave Cramer: See last meeting’s discussions.

Dave Cramer: last meeting we had npd join us to talk through all this.
… and i think we’ve already implemented some of the suggestions that came up (i.e. moving some of the normative sounding assertions out of the section, making them normative).

Wendy Reid: is there any remaining thing we still need to address, or are we ready to go back to PING and ask for new review?.

Dave Cramer: there were questions at the end of the call about the EPUBReadingSystem object.

Wendy Reid: its common for websites to look at which browser/OS combo users are on.
… there are websites that say ‘sorry, this only works on Chrome’ or whatever, but no real equivalent where certain epubs only work on specific RSes.

Matt Garrish: isn’t some of this already covered? The issue here is relaying info out via script.
… the things in scripting section about user consent, etc. seems applicable.
… not sure why the EPUBReadingSystem object is special case.

Wendy Reid: agree, there is coverage in other areas we discussed.

Matt Garrish: what are we worried that people will do with this? What is the risk of revealing the UA?.

Wendy Reid: if content creators were using that in any way there would be more mobile friendly books.

Dave Cramer: the reality now is that the people who make the epubs don’t really know who read them.
… not seeing what action we could take here.
… feels like we’ve gotten feedback from PING, and we’ve addresses those discussions in these PRs, and will merge them.
… we can let them tell us if this is satisfactory, or if we need to go for another round of discussion.
… this is progress.
… thanks to wendyreid and mgarrish.

4. AOB?.

Wendy Reid: there’s a new CG. Interactive Media CG. They are exploring intersection of media, interactivity, and content. e.g. Games on the web.
… they’ve reached out to synced media, so i suggested they talk to Publishing as well.
… i will share in the mailing list.

Dave Cramer: and we’re getting closer to CR.
… cool, thank you everyone for your time, we’ll see everyone next week.

5. Resolutions