Re: [w3ctag/design-reviews] First-Party Sets (#342)

Hi Mike!

Hope you missed me. Lovely explainer. May I ask about a few bits below?

> Still, it seems **likely** that **folks** will want to **stretch** the bounds of what first-party sets enables over time

Can you please elaborate **why** it's likely, and **which** folks specifically you mean here? Not asking for all their names and addresses, of course.

> Tying those two domains together in the same first-party set could increase the risk of credential leakage, if browsers aren't careful about how they expose the credential sharing behavior discussed above

Any other risks that you can imagine (apart from the stuff listed later in the explainer)? Aside from the Ordinary User not knowing about the existence of first/third-party stuff, would it make sense to require browser UI changes to indicate that some site is linked with another?

> It would be fatal to the design if https://subdomain1.advertiser.example/ could live in one first-party set while https://subdomain2.advertiser.example/ could live in another

That looks unfortunate indeed. Good the explainer is listing plenty of concerns.

> Given this reality, we need to add a registrable domain constraint to the design above such that each registrable domain may live in one and only one first-party set.

Would there be a way to deregister from the set, and e.g. change sets at short time intervals, or something like that? I'm simply wondering if site1 can easily change its membership (rather than being a member of two separate sets at the same time, which is already marked as a concern). Apart from the natural expiration of 7 days you speak of, unless it could be the same.

> We can mitigate this risk to some extent by limiting the maximum number of registrable domains that can live together in a first-party set, rejecting sets that exceed this number

How would the risk after such mitigation compare with today's risk of doing the same? Would you imagine it conceivable that advertisers will start serving their stuff from XXXYYYZZZ.ccTLD, and smartly game the number-limited system? (But: "Forget the entity" looks good.)

> As the declaration is public by nature, the style of abuse noted here will be trivially obvious to observers, which creates exciting opportunities for out-of-band intervention

Sounds like an opportunity for a new batch of research papers? I'm sure many will be happy ;-)

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/342#issuecomment-479349701

Received on Wednesday, 3 April 2019 05:52:05 UTC