Re: [blink-dev] Intent to Ship: Protected Audience directFromSellerSignals via HTTP response headers

Hi Yoav, some responses inline: On Wednesday, September 6, 2023 at 12:15:45 PM UTC-4 Yoav Weiss wrote: On Tue, Sep 5, 2023 at 9:55 PM Paul Jensen wrote: Contact emails *pauljen...@chromium.org *Explainer *https://github.com/WICG/turtledove/pull/69

Re: [blink-dev] Intent to Ship: Protected Audience directFromSellerSignals via HTTP response headers

tend to land all 3 pull requests. Thanks, -Caleb On Monday, September 11, 2023 at 11:18:26 AM UTC-4 Mike Taylor wrote: > > On 9/11/23 12:55 PM, Mike Taylor wrote: > > On 9/7/23 6:00 PM, Caleb Raitto wrote: > > Hi Yoav, some responses inline: > > On Wednesday, September 6,

Re: [blink-dev] Intent to Ship: Protected Audience directFromSellerSignals via HTTP response headers

imit doesn't mean most responses would actually use that. >> >> On Sat, Sep 16, 2023 at 6:52 AM Yoav Weiss >> wrote: >> >>> >>> >>> >>> On Fri, Sep 15, 2023 at 10:00 PM Mike Taylor >>> wrote: >>> >>>> Than

Re: [blink-dev] Intent to Ship: Protected Audience directFromSellerSignals via HTTP response headers

>>> lower it if this runs into issues in the field. Also presumably, having >>> that as a limit doesn't mean most responses would actually use that. >>> >>> On Sat, Sep 16, 2023 at 6:52 AM Yoav Weiss >>> wrote: >>> >>>> >

Re: [blink-dev] Intent to Ship: Protected Audience directFromSellerSignals via HTTP response headers

Understood, will do. -Caleb On Mon, Nov 13, 2023 at 10:37 AM Mike Taylor wrote: > Thanks for the heads up. It would be nice to write WPTs for these changes > (to the extent that it's possible), rather than just Chromium unit tests. > On 11/10/23 4:17 PM, Caleb Raitto wrote: >

Re: [blink-dev] Intent to Ship: Protected Audience directFromSellerSignals via HTTP response headers

To follow-up, WPT for the LIFO changes have landed: https://github.com/web-platform-tests/wpt/pull/43510 -Caleb On Monday, November 13, 2023 at 10:53:06 AM UTC-5 Caleb Raitto wrote: > Understood, will do. > > -Caleb > > On Mon, Nov 13, 2023 at 10:37 AM Mike Taylor > wrot

Re: [blink-dev] Intent to Experiment: Storage Buckets API

Hi -- can you add a privacy and security section to the explainer? For instance, it would be good to know how this feature interacts with storage partitioning. Thanks, -Caleb On Friday, April 28, 2023 at 1:17:50 PM UTC-4 Mike Taylor wrote: > LGTM to experiment from M115 to M118. > On 4/28/23

Re: [blink-dev] Intent to Ship: WebAuthn PRF extension

I think this was discussed before with mmenke@, but he's ooo: How does this feature work in cross-site iframes? What prevents the PRF from acting as a cross site identifier (are credentials usable in cross site iframes)? Thanks, -Caleb On Monday, May 1, 2023 at 4:45:31 PM UTC-4 nick@agile

Re: [blink-dev] Re: Intent to Ship: WGSLLanguageFeatures for WebGPU

Are these language extensions specific to certain GPUs (could this be used to fingerprint the GPU)? Or are the language extensions something that some browsers will implement, but others won't? Thanks, -Caleb On Wednesday, April 26, 2023 at 3:36:27 PM UTC-4 Mike Taylor wrote: > All good - I'v

Re: [blink-dev] Intent to Ship: WebAuthn PRF extension

Thanks, makes sense -- can a note about this be added to the privacy section of the explainer / spec? -Caleb On Tue, May 2, 2023 at 12:06 PM Adam Langley wrote: > On Tue, May 2, 2023 at 8:31 AM Caleb Raitto wrote: > >> I think this was discussed before with mmenke@, but he'

Re: [blink-dev] Re: Intent to Ship: WGSLLanguageFeatures for WebGPU

t at different times, it's important that the > application be able to query their support status so they can know which > versions of shaders to serve up to clients - or to generate at run time. > > -Ken > > > > On Tue, May 2, 2023 at 8:33 AM Caleb Raitto wrote: >

Re: [blink-dev] Intent to Experiment: Storage Buckets API

Thanks Evan! -Caleb On Thu, May 4, 2023 at 4:41 PM Evan Stade wrote: > Hi Caleb, > > Added a section here > <https://github.com/WICG/storage-buckets/blob/main/explainer.md#privacy-and-security-considerations>. > Thanks for feedback. > > -- Evan Stade > > >

Re: [blink-dev] Intent to Ship: WebAuthn PRF extension

On Thursday, May 4, 2023 at 6:11:17 PM UTC-4 Adam Langley wrote: On Tue, May 2, 2023 at 9:55 AM Caleb Raitto wrote: Thanks, makes sense -- can a note about this be added to the privacy section of the explainer / spec? I think the Privacy section covers that now. If you see gaps, please do

Re: [blink-dev] Re: Intent to Experiment: HTTPS Upgrades

Thanks for making this security-positive change! Quick question -- what impact, if any, would this have on captive portals? I know some folks visit sites like http://neverssl.com/ to access captive portal pages. If I understand correctly, these pages would still work, since a resource only avai

[blink-dev] Re: Intent to Prototype: No-Vary-Search Hint for Prerender Speculation Rules

I noticed the spec, https://github.com/WICG/nav-speculation/blob/main/triggers.md#no-vary-search-hint , doesn't have a privacy and security section -- could you add one? It looks like there's lots of other good information about the pri

[blink-dev] Re: Intent to Prototype: No-Vary-Search Hint for Prerender Speculation Rules

Thanks Liviu! -Caleb On Tue, May 28, 2024 at 10:49 AM Liviu Tinta wrote: > Hi Caleb, > > Your request will be addressed as part of nav-speculation#319 > <https://github.com/WICG/nav-speculation/issues/319>. > > Thank you, > Liviu > On Friday, May 17, 2024 at 4:51:

Re: [blink-dev] Intent to Ship: Protected Audience: Allow trusted bidding signals to trigger interest group updates

Response inline On Monday, June 3, 2024 at 10:16:06 PM UTC-4 Mike Taylor wrote: On 5/31/24 11:40 PM, Paul Jensen wrote: Contact emails pauljen...@chromium.org Explainer https://github.com/WICG/turtledove/pull/1095 Specification https://github.com/WICG/turtledove/pull/1124 Summary T

Re: [blink-dev] Intent to Ship: Third-party Cookie Grace Period Opt-Out

Hi -- just had some questions about this (I'm the Potassium open web platform security / privacy reviewer this week), as I was a bit confused... I'm trying to understand how the tokens work for origin trials. IIUC, the origin trial "enabled" behavior only happens if you serve the deprecation tr

Re: [blink-dev] Intent to Ship: Third-party Cookie Grace Period Opt-Out

.well-known resource > and could overload its server. > - Not a privacy/security risk, but there would be a performance cost to an > additional request for each client navigation that could slow down the > browser. > > On Tue, Jun 4, 2024 at 3:09 PM Caleb Raitto wrote: > >>

Re: [blink-dev] Intent to Ship: Protected Audience: Allow trusted bidding signals to trigger interest group updates

t; > Was milliseconds chosen as consistency with time units in the platform or > something else? > > Thanks, > Vlad > > On Mon, Jun 10, 2024 at 11:47 PM Yoav Weiss (@Shopify) < > yoavwe...@chromium.org> wrote: > >> LGTM2 >> >> On Mon, Jun 10, 20

Re: [blink-dev] Intent to Prototype: WebXR/WebGPU integration

FYI, in the Chrome status entry ( https://chromestatus.com/feature/5077077997649920), the link to this intent to prototype is broken. -Caleb On Tuesday, August 13, 2024 at 5:52:19 PM UTC-4 Kenneth Russell wrote: > Multiple developers have verbally indicated interest in using WebGPU to > render

Re: [blink-dev] Intent to Ship: Protected Audience: Auction Nonce Hardening

Responses inline On Tuesday, December 3, 2024 at 9:03:22 PM UTC-5 Vladimir Levin wrote: On Mon, Nov 25, 2024 at 9:15 AM 'Orr Bernstein' via blink-dev < blink-dev@chromium.org> wrote: Contact emails o...@google.com, pauljen...@chromium.org, carai...@chromium.org Explainer https://github.com/W

Re: [blink-dev] Intent to Ship: Protected Audience: Auction Nonce Hardening

If so, are there > plans to deprecate it? If we don't, what's the compat risk? > > On Wed, Jan 8, 2025, 20:37 Mike Taylor wrote: > >> LGTM2 >> On 1/8/25 11:05 AM, Chris Harrelson wrote: >> >> LGTM1 >> >> On Wed, Dec 18, 2024 at 9:19 AM Caleb Ra

Re: [blink-dev] Intent to Ship: WebAuthn PRF extension

Looks good, thanks. -Caleb On Monday, May 22, 2023 at 1:28:59 PM UTC-4 Adam Langley wrote: > On Fri, May 5, 2023 at 11:00 AM Caleb Raitto wrote: > >> On Thursday, May 4, 2023 at 6:11:17 PM UTC-4 Adam Langley wrote: >> >> On Tue, May 2, 2023 at 9:55 AM Caleb Raitto wr

Re: [blink-dev] Intent to Experiment: Declarative Beacon API

Hi, I filed https://github.com/darrenw/docs/issues/3 about a time limit on the duration from bfcache page freeze to beacons being sent -- could you PTAL? Thanks, -Caleb On Friday, June 24, 2022 at 9:36:15 AM UTC-4 mike...@chromium.org wrote: > Thanks - sounds good. > > Could you clarify the