Re: [w3ctag/design-reviews] Managed Device Web API (#606)

Apologies this took so long, it was a pretty contentious issue so it took some time for us to figure out what we want to say. We feel this is a risky feature - the use cases we see in the explainer seem like this mainly is to uniquely identify devices. Couldn't this be enabled by pre-installing unique client certificates on the device?

There is the side note of certificates being possible to copy - so it's not as strong of a guarantee as a serial number.

What are the potential unethical use-cases that might come from this feature?

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/606#issuecomment-827439319

Received on Tuesday, 27 April 2021 08:55:49 UTC