- From: cynthia <notifications@github.com>
- Date: Mon, 02 Mar 2020 17:51:07 -0800
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3ctag/design-reviews/issues/478/593724318@github.com>
@ylafon and I looked at this during the Wellington F2F. Based on the proposals, we have some technical concerns. First of all, it is generally [not a good idea to invent a new scheme](https://tools.ietf.org/html/rfc7320#section-2.1) (Also: https://www.w3.org/TR/webarch/#URI-scheme). The motivation described in the initial round of feedback we got was around performance and pre-installation. As for performance, browser caching mechanisms and plumbing provided for PWAs should provide the necessary mechanisms needed, if there are uncovered use-cases or patterns, it would be best to address those by improving said specs. Currently, it seems like the main motivation for the custom scheme is to trigger loading through the runtime, which we believe can be achieved through content types (see [Webarch](https://www.w3.org/TR/webarch/#internet-media-type)) and [URI templates](https://tools.ietf.org/html/rfc6570). We saw this pattern used in the QuickApps URI templates in the explainer; it would be useful to know why that was not considered. As for pre-installation - unless there is a story around preserving the trust chain, we are not sure how this would work. Pre-installation mechanisms without any validation of provenance can undermine the integrity and guarantees of delivery through HTTPS. Could you please provide us with some details on how you plan to address these issues? -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/478#issuecomment-593724318
Received on Tuesday, 3 March 2020 01:51:20 UTC