On Mon, 18 Jun 2018 14:32:32 +0530
Ramalingam C <[email protected]> wrote:

> On Monday 18 June 2018 02:23 PM, Pekka Paalanen wrote:
> > On Mon, 18 Jun 2018 13:38:09 +0530
> > Ramalingam C <[email protected]> wrote:
> >  
> >> On Monday 18 June 2018 01:34 PM, Pekka Paalanen wrote:  
> >>> On Sat, 16 Jun 2018 12:50:52 +0530
> >>> Ramalingam C <[email protected]> wrote:

> >>> The SRM table smells very much like compositor configuration,
> >>> especially because a) it is global state: you cannot program two
> >>> different tables to the same connector, and b) the compositor is
> >>> required to save it and use it later for all clients(?). One can also
> >>> envision a security issue, if a system allows third party apps: an app
> >>> could install a fake SRM table with a fake date.  
> >> Compositor is expected to store the latest SRM in the non-volatile and
> >> update with only newest versions.
> >> And it will supply the latest version to kernel(irrespective of what
> >> version is provided by app). This caching is not per connector.
> >> SRM table itself provides the version of it. and The validity of an SRM
> >> is established by verifying the integrity of its
> >> signature with the Digital Content Protection LLC public key, which is
> >> specified by the Digital
> >> Content Protection LLC. So no fake SRM will be accepted.  
> > Right, so I would propose to make that completely separate.  
> Ok. So how that should be implemented? As another protocol extension?

I don't know. Is there a reason to do it by Wayland?

Requesting content protection is a good fit to do by Wayland, because
it is per-window. Uploading a new SRB table is not tied to any window
or even a Wayland client, so why should it be a Wayland extension?

Is maintaining the SRB table the compositor's job, or is it a separate
service in the system that the compositor contacts?

I think this digs into the system design, and there is no obvious
benefit from using Wayland for it, that I don't think I can make a
recommendation.

For instance, if installing a new SRB table optionally uses internet
access to e.g. verify the signing key is still valid, then I don't
think it should be the compositor in charge of maintaining the SRB
table.


Thanks,
pq

Attachment: pgpAfqXvbW_02.pgp
Description: OpenPGP digital signature

_______________________________________________
wayland-devel mailing list
[email protected]
https://lists.freedesktop.org/mailman/listinfo/wayland-devel

Reply via email to