Hello Mike, Sure and done.
Yifan On Tuesday, October 24, 2023 at 1:36:32 AM UTC+2 blink-dev wrote: > Hi Yifan, > > Could you please request Privacy, Security, and Debuggability reviews in > the chromestatus entry? > > thanks, > Mike > On 10/20/23 9:49 AM, 'Yifan Luo' via blink-dev wrote: > > Contact emails l...@chromium.org, cl...@chromium.org > > Explainer > https://github.com/iVanlIsh/private-network-access/blob/main/explainer.md > > Specification https://wicg.github.io/private-network-access > > Design docs > https://docs.google.com/document/d/1Q18g4fZoDIYQ9IuxlZTaItgkzfiz_tCqaEAI8J3Y1WY/edit > > Summary > > In order to establish connections to devices on a local network that do > not have globally unique names, and therefore cannot obtain TLS > certificates, this feature introduces a new option to `fetch()` to declare > a developers' intent to talk to such a device, a new policy-controlled > feature to gate each sites' access to this capability, and new headers for > the server's preflight response to provide additional metadata. > > > Blink component Blink>SecurityFeature>CORS>PrivateNetworkAccess > <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3ESecurityFeature%3ECORS%3EPrivateNetworkAccess> > > TAG review https://github.com/w3ctag/design-reviews/issues/751 > > TAG review status Issues addressed > > Risks > > > Interoperability and Compatibility > > *Gecko*: No signal > > *WebKit*: No signal > > *Web developers*: Positive ( > https://github.com/WICG/private-network-access/issues/23) > > *Other signals*: > > Ergonomics > > This new feature requires users to click on the new permission. This may > lead users to spamming on some websites. However, this is an intentional > move to encourage the websites to provide security context. The origin > trial also aimed to measure the frequency of users getting the permissions. > > > Activation > > No. This feature attempt to bring developers an easier way to restrict > Private Network Access with secure context. > > > Security > > This is a security positive feature. > > > WebView application risks > > Does this intent deprecate or change behavior of existing APIs, such that > it has potentially high risk for Android WebView-based applications? > > None > > > Goals for experimentation > > Ongoing technical constraints > > None. > > > Debuggability > > Relevant information (client and resource IP address space) is already > piped into the DevTools network panel. We’ll likely also represent the > permission state in the settings pages. > > > Will this feature be supported on all six Blink platforms (Windows, Mac, > Linux, Chrome OS, Android, and Android WebView)? No > > Mac, Windows, Linux, Chrome OS, Fuchsia, Android, WebLayer. Not Android > WebView because of the absence of deprecation trial integration (though > that may be changing soon, see https://crbug.com/1308425). Not iOS > because this requires changes in Blink and the network service, neither of > which are used on iOS. > > > Is this feature fully tested by web-platform-tests > <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> > ? No > > > https://wpt.fyi/results/fetch/private-network-access/mixed-content-fetch.tentative.https.window.html?label=master&label=experimental&aligned&q=private-network-access > > > Flag name on chrome://flags > > Finch feature name None > > Non-finch justification None > > Requires code in //chrome? True > > Tracking bug https://crbug.com/1338439 > > Estimated milestones > OriginTrial desktop last 123 > OriginTrial desktop first 120 > > Link to entry on the Chrome Platform Status > https://chromestatus.com/feature/5954091755241472 > > Links to previous Intent discussions Intent to prototype: > https://groups.google.com/a/chromium.org/g/blink-dev/c/6MczoSFGiHo/m/IigYuhu7AwAJ > > This intent message was generated by Chrome Platform Status > <https://chromestatus.com/>. > > -- > Yifan > > -- > You received this message because you are subscribed to the Google Groups > "blink-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to blink-dev+...@chromium.org. > To view this discussion on the web visit > https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAG-zKU_ZS1ibT9H7e5UmoUF2OfCUq5ocsDHaCoJ2rShmPmAejQ%40mail.gmail.com > > <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAG-zKU_ZS1ibT9H7e5UmoUF2OfCUq5ocsDHaCoJ2rShmPmAejQ%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/04d2de31-a4f5-471f-9319-d1248545796dn%40chromium.org.
