Re: [w3ctag/design-reviews] Managed Device Web API (#606) from cynthia on 2021-04-27 (public-webapps-github@w3.org from April 2021)

From: cynthia <notifications@github.com>
Date: Tue, 27 Apr 2021 01:55:37 -0700
To: w3ctag/design-reviews <design-reviews@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3ctag/design-reviews/issues/606/827439319@github.com>

Apologies this took so long, it was a pretty contentious issue so it took some time for us to figure out what we want to say. We feel this is a risky feature - the use cases we see in the explainer seem like this mainly is to uniquely identify devices. Couldn't this be enabled by pre-installing unique client certificates on the device?

There is the side note of certificates being possible to copy - so it's not as strong of a guarantee as a serial number.

What are the potential unethical use-cases that might come from this feature?

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/606#issuecomment-827439319

Received on Tuesday, 27 April 2021 08:55:49 UTC