-
Notifications
You must be signed in to change notification settings - Fork 55
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Design questions for Signed Exchanges #354
Comments
WICG/webpackage#424 tries to record the threat model that Safari's using to prevent tracking. It would be useful to have an anti-tracking threat model at the TAG level so we could analyze platform features in a consistent way. @hober, are you at all interested in helping to drive that? |
I think such an effort would be better driven by someone for whom this is an area of expertise. |
Discussed at Tokyo f2f.... |
We discussed and requested some further info on the relevant flows - maybe some flowcharts.. There will also be a breakout on this topic at TPAC. |
Hi @jyasskin - We're just picking this up again at our f2f and I see we haven't got any further info from you on documenting the flows. Considering it's been a few months, could you let us know status on this? Is this something where you still need TAG advice / feedback and if so, could you indicate what specific areas you are looking for feedback on? Considering @hober's comment above maybe we should close this issue for now? |
Also, regarding WICG/webpackage#376 do you need a 'stale' state there, so that mechanism like stale-while-revalidate but adapted to signed exchanges would fit the invalidation use-case? I would imagine that a revalidation would reset the staleness state of the content, to void checking too often and revealing information about the reader. |
Hi @jyasskin we're just coming back to this and we haven't had any updates since December, but I do see that there have been some recent updates to the specs... Can you please leave an update here also addressing the question I asked on 3-December, above? If there's no feedback you're currently waiting for from the TAG then maybe we should close this issue? We're in the middle of our f2f this week and I'd like to close this issue now unless you we hear from you. |
Based on feedback from @jyasskin we're going to close this for now. As discussed, please re-open when there is something new for us to take a look at. Thanks! |
I'm requesting TAG input on some design questions we discussed at the 2019-02 Tokyo meeting. #235 is already closed, so I'm filing a new issue.
Questions:
credentials
="omit"
? This requires at least a new attribute on<a>
tags to set its credentials mode and Fetch infrastructure to handle that on navigations.We'd prefer the TAG provide feedback as (please select one):
The text was updated successfully, but these errors were encountered: