[navigation-error-logging] new draft proposal from Ilya Grigorik on 2015-01-12 (public-web-perf@w3.org from January 2015)

From: Ilya Grigorik <igrigorik@google.com>
Date: Mon, 12 Jan 2015 12:52:17 -0800
To: public-web-perf <public-web-perf@w3.org>
Cc: Domenic Denicola <domenic@google.com>
Message-ID: <CADXXVKonC5b55K7vxvBdhZO20d3s-=B1agHF3_-56Ozx_fFAXg@mail.gmail.com>

We identified a number of issues with the current NEL draft at TPAC:

1) JS-based registration can be easily hijacked
2) Ability to aggregate multiple errors into a single report
3) Desire for more extensive error coverage and better delivery model
... more: https://github.com/w3c/navigation-error-logging/issues

In attempt to address all of the above, I have a new draft proposal which
is based on our experience with Domain Reliability [1], and also reuses a
lot of the concepts from CSP and HSTS:

https://cdn.rawgit.com/w3c/navigation-error-logging/new/index.html

- HSTS~like header based registration
- CSP~like error reporting for failed navigations
-- JS interface is removed entirely for security and privacy reasons, same
as CSP
- Domain Reliability~like error types and report structure and delivery

In short, it *is* a significant departure from the current draft, but I do
believe that it addresses all the major open issues and provides a
consistent interface to similar APIs (e.g. CSP).

Would love to hear any thoughts or feedback!

ig

[1]
https://docs.google.com/a/chromium.org/document/d/14U0YA4dlzNYciq2ke0StEMjomdBUN6ocSt1kN03HJ0s/edit?pli=1#

Received on Monday, 12 January 2015 20:53:25 UTC