On 10/5/2013 4:00 PM, farr...@furcadia.com wrote: > Well, I was very disappointed not to find any discussion here of the > issues and challenges that W3C's decision on DRM for HTML5 would > bring for security. > > I sort of expected people to be all over that here, when I saw the > group name.
The issues around it are not really "security" issues, it's a policy and philosophical argument. There will no doubt be unintentional security bugs in the external DRM plugins--as there is with just about every new feature we do--but the concern with DRM is that as the EFF (or someone like that) puts it it is "broken by design". The policy issues go well beyond the limited audience of this security list and are being discussed elsewhere. I'd imagine either the "web platform" group or the governance group (or both). > DRM in HTML5 - *if* the decision is made to back it - almost > certainly means: - The end of verifiably-secure, open-source FF. - > The end of FF as part of security projects like TOR, TAILS, etc, > since if FF uses closed binary blobs then it cannot be trusted. Firefox will never require the use of closed binary blobs. Since the code is licensed to be compatible with GPL it simply must have the ability to function without such things. I expect that if we implement this it would be functionally much like plugins are today -- optional, but without it you lose access to content that requires it. -Dan Veditz
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security
