[w3ctag/design-reviews] Signed Exchanges (#235)

I'm requesting a TAG review of:

  - Name: Signed Exchanges
  - Specification URL: https://tools.ietf.org/html/draft-yasskin-http-origin-signed-responses
  - Explainer, Requirements Doc, or Example code: https://github.com/WICG/webpackage/blob/master/explainer.md
  - Tests: None yet.
  - Primary contacts: @jyasskin

Further details (optional):

  - Relevant time constraints or deadlines: We're hoping to do a Chrome Origin Trial by Oct/Nov 2018.
  - [ ] I have read and *not yet* filled out the [Self-Review Questionnare on Security and Privacy](https://www.w3.org/TR/security-privacy-questionnaire/). The primary "yes" is "Does this specification enable new script execution/loading mechanisms?" (since it allows a resource on one origin to provide script for another origin that signed it), and the spec does have [security](https://tools.ietf.org/html/draft-yasskin-http-origin-signed-responses-03#section-6) and [privacy](https://tools.ietf.org/html/draft-yasskin-http-origin-signed-responses-03#section-7) considerations.
  - [x] I have reviewed the TAG's [API Design Principles](https://w3ctag.github.io/design-principles/), but for example feature detection isn't fully worked out, and none of the eventual Javascript APIs are designed yet.

You should also know that...

The IETF's HTTPWG is also reviewing the specification.

We'd prefer the TAG provide feedback as (please select one):

  - [x] open issues in our Github repo for each point of feedback
  - [ ] open a single issue in our Github repo for the entire review
  - [ ] leave review feedback as a comment in this issue and @-notify [github usernames]

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/235