W3C home > Mailing lists > Public > public-tracking@w3.org > October 2014

Re: TPE last-call issues on my plate, summary

From: Anne van Kesteren <annevk@annevk.nl>
Date: Fri, 10 Oct 2014 09:03:22 +0200
Message-ID: <CADnb78hpzPjBwSkdukMbLuDSUK-g1H9mc=zct9dVRDtKm1tUhg@mail.gmail.com>
To: "David (Standards) Singer" <singer@apple.com>
Cc: Sid Stamm <sstamm@mozilla.com>, Tracking Protection Working Group <public-tracking@w3.org>
On Thu, Oct 9, 2014 at 7:25 PM, Anne van Kesteren <annevk@annevk.nl> wrote:
> Unless you enumerate the hosts somehow, but that still does not allow
> you to get around a publicsuffix.org dependency... I'm surprised we
> even want such an API.

Note that the asynchronous comment still stands. Copying the cookie
model seems badly broken, but making a new permission API synchronous
is even worse.

And did security UX sign off on having explanationString and siteName
fields? Typically we do not allow sites to insert text into permission
UI as we cannot trust the sites to try to spoof the user.


-- 
https://annevankesteren.nl/
Received on Friday, 10 October 2014 07:03:50 UTC

This archive was generated by hypermail 2.3.1 : Friday, 3 November 2017 21:45:24 UTC