[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[AVT] Re: IESG Review of draft-ietf-avt-mpeg4-simple-07.txt - Discuss Comments
> jan.vandermeer@philips.com writes:
>
> As far as I understand these constraints do not allow dangerous ECMA
> script constructs, which means there is no need for an ECMA script
> security model in this context. Below I attached the MPEG-4 annex that
> describes the differences.
Do "MPEG-4 scripts" give the script control over audio volume of the
presentation, in a way that could override the levels manually set
by the human listening to the decoder? A rogue program that blows
out the speakers of the victim's terminal seems like a security
risk of some sort, although not of the classical kind since data
and CPU and network are not compromised ... if this is an actual
risk, might be worth warning implementors in the Security
Considerations section ...
-------------------------------------------------------------------------
John Lazzaro -- Research Specialist -- CS Division -- EECS -- UC Berkeley
lazzaro [at] cs [dot] berkeley [dot] edu www.cs.berkeley.edu/~lazzaro
-------------------------------------------------------------------------
_______________________________________________
Audio/Video Transport Working Group
avt@ietf.org
https://www1.ietf.org/mailman/listinfo/avt