Update security and privacy questionnaire

Author: chrisn

security-privacy-questionnaire.md

@@ -12,108 +12,107 @@ Questionnare: https://w3ctag.github.io/security-questionnaire/ (as at 24 May 202
 
 ## 2.2 Do features in your specification expose the minimum amount of information necessary to implement the intended functionality?
 
-**Handling hardware context reset:** Yes. It only expose an enum summarizing the reason.
+**Handling hardware context reset:** Yes. It only exposes an enum summarizing the reason.
 
 **Querying encryption scheme support:** TODO
 
 **HDCP policy detection:** TODO
 
 ## 2.3 Do the features in your specification expose personal information, personally-identifiable information (PII), or information derived from either?
 
-**Handling hardware context reset:** No such info is exposed.
+**Handling hardware context reset:** No such information is exposed.
 
-**Querying encryption scheme support:** TODO
+**Querying encryption scheme support:** No such information is exposed.
 
-**HDCP policy detection:** TODO
+**HDCP policy detection:** No such information is exposed.
 
 ## 2.4 How do the features in your specification deal with sensitive information?
 
-**Handling hardware context reset:** No sensitive information.
+**Handling hardware context reset:** The features do not deal with any sensitive information.
 
-**Querying encryption scheme support:** TODO
+**Querying encryption scheme support:** The features do not deal with any sensitive information.
 
-**HDCP policy detection:** TODO
+**HDCP policy detection:** The features do not deal with any sensitive information.
 
 ## 2.5 Do the features in your specification introduce state that persists across browsing sessions?
 
 **Handling hardware context reset:** No.
 
-**Querying encryption scheme support:** TODO
-
-**HDCP policy detection:** TODO
+**Querying encryption scheme support:** No.
 
+**HDCP policy detection:** No.
 
 ## 2.6 Do the features in your specification expose information about the underlying platform to origins?
 
 **Handling hardware context reset:** Currently "hardware context reset" only happens on Windows. So the site could guess it's an Windows OS if it happens.
 
-**Querying encryption scheme support:** TODO
+**Querying encryption scheme support:** The `MediaKeySystemMediaCapability.encryptionScheme` attribute, returned from MediaKeySystemAccess.getConfiguration(), indicates the encryption scheme associated with the content type. This gives an indication of which encryption schemes the underlying platform supports.
 
-**HDCP policy detection:** TODO
+**HDCP policy detection:** The `MediaKeys.getStatusForPolicy()` method returns information about which HDCP policy versions the underlying platform supports.
 
 ## 2.7 Does this specification allow an origin to send data to the underlying platform?
 
 **Handling hardware context reset:** No.
 
-**Querying encryption scheme support:** TODO
+**Querying encryption scheme support:** No.
 
-**HDCP policy detection:** TODO
+**HDCP policy detection:** No.
 
 ## 2.8 Do features in this specification enable access to device sensors?
 
 **Handling hardware context reset:** No.
 
-**Querying encryption scheme support:** TODO
+**Querying encryption scheme support:** No.
 
-**HDCP policy detection:** TODO
+**HDCP policy detection:** No.
 
 ## 2.9 Do features in this specification enable new script execution/loading mechanisms?
 
 **Handling hardware context reset:** No.
 
-**Querying encryption scheme support:** TODO
+**Querying encryption scheme support:** No.
 
-**HDCP policy detection:** TODO
+**HDCP policy detection:** No.
 
 ## 2.10 Do features in this specification allow an origin to access other devices?
 
 **Handling hardware context reset:** No.
 
-**Querying encryption scheme support:** TODO
+**Querying encryption scheme support:** No.
 
-**HDCP policy detection:** TODO
+**HDCP policy detection:** No.
 
 ## 2.11 Do features in this specification allow an origin some measure of control over a user agent’s native UI?
 
 **Handling hardware context reset:** No.
 
-**Querying encryption scheme support:** TODO
+**Querying encryption scheme support:** No.
 
-**HDCP policy detection:** TODO
+**HDCP policy detection:** No.
 
 ## 2.12 What temporary identifiers do the features in this specification create or expose to the web?
 
 **Handling hardware context reset:** No temporary identifiers.
 
-**Querying encryption scheme support:** TODO
+**Querying encryption scheme support:** No temporary identifiers.
 
-**HDCP policy detection:** TODO
+**HDCP policy detection:** No temporary identifiers.
 
 ## 2.13 How does this specification distinguish between behavior in first-party and third-party contexts?
 
 **Handling hardware context reset:** Not distinguished. But EME usage in general is controlled by permission policy. https://w3c.github.io/encrypted-media/#permissions-policy-integration
 
-**Querying encryption scheme support:** TODO
+**Querying encryption scheme support:** As above.
 
-**HDCP policy detection:** TODO
+**HDCP policy detection:** As above.
 
 ## 2.14 How do the features in this specification work in the context of a browser’s Private Browsing or Incognito mode?
 
 **Handling hardware context reset:** No difference.
 
-**Querying encryption scheme support:** TODO
+**Querying encryption scheme support:** No difference.
 
-**HDCP policy detection:** TODO
+**HDCP policy detection:** No difference.
 
 ## 2.15 Does this specification have both "Security Considerations" and "Privacy Considerations" sections?
 
@@ -123,9 +122,9 @@ Yes, see the [Security](https://w3c.github.io/encrypted-media/#security) and [Pr
 
 **Handling hardware context reset:** No.
 
-**Querying encryption scheme support:** TODO
+**Querying encryption scheme support:** No.
 
-**HDCP policy detection:** TODO
+**HDCP policy detection:** No.
 
 ## 2.17 What happens when a document that uses your feature is kept alive in BFCache (instead of getting destroyed) after navigation, and potentially gets reused on future navigations back to the document?