W3C home > Mailing lists > Public > public-tracking@w3.org > October 2014

Re: TPE last-call issues on my plate, summary

From: David Singer <singer@apple.com>
Date: Fri, 10 Oct 2014 07:41:46 -0700
Cc: Sid Stamm <sstamm@mozilla.com>, Tracking Protection Working Group <public-tracking@w3.org>
Message-id: <2550D08B-9EF7-49D8-878A-77580BA25E87@apple.com>
To: Anne van Kesteren <annevk@annevk.nl>


Sent from my iPad

> On Oct 10, 2014, at 12:03 AM, Anne van Kesteren <annevk@annevk.nl> wrote:
> 
>> On Thu, Oct 9, 2014 at 7:25 PM, Anne van Kesteren <annevk@annevk.nl> wrote:
>> Unless you enumerate the hosts somehow, but that still does not allow
>> you to get around a publicsuffix.org dependency... I'm surprised we
>> even want such an API.
> 
> Note that the asynchronous comment still stands. Copying the cookie
> model seems badly broken, but making a new permission API synchronous
> is even worse.


It isn't synchronous now, and so far no one objects to having it return a promise. In just need an example of how to write that...

> 
> And did security UX sign off on having explanationString and siteName
> fields? Typically we do not allow sites to insert text into permission
> UI as we cannot trust the sites to try to spoof the user.
> 


I agree we should remove these.  I am getting some pushback.


> 
> -- 
> https://annevankesteren.nl/
Received on Friday, 10 October 2014 14:42:20 UTC

This archive was generated by hypermail 2.3.1 : Friday, 3 November 2017 21:45:24 UTC