Re: [w3ctag/design-reviews] Cookies Having Independent Partitioned State (CHIPS) (#654) from Dylan Cutler on 2021-08-12 (public-webapps-github@w3.org from August 2021)

From: Dylan Cutler <notifications@github.com>
Date: Thu, 12 Aug 2021 13:02:32 -0700
To: w3ctag/design-reviews <design-reviews@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3ctag/design-reviews/issues/654/897929851@github.com>

@torgo @kenchris Thanks for taking the time to leave comments.

> one thing we discussed in followup this morning is that the explainer kind of assumes you know what partitioned and unpartitioned is. I think it could benefit from a definition up front, as well as a definition of what opt-in means in this document.

Good point, I have refactored the [explainer](https://github.com/WICG/CHIPS/blob/main/README.md) to make it more clear what "partitioning" cookies means.

> You say "developer opt-in" but I think it needs to be specific about which party is opting in in a scenario where you have a 1st party and a 3rd party involved

I see the ambiguity there, I changed "developer opt-in" to "third-party opt-in" since it is the third party who should be including the Partitioned attribute in their cookies. Top-level site owners do not need the Partitioned attribute and can just use SameSite=Lax.

> Also, as I understand other browsers user partitioned cookies today, so why don't they need a proposal like this? Do they have an exception list or similar?

Firefox blocks 3P cookies in ETP Default mode based on a blocklist, but AFAIK they do not partition cookies for sites on that block list in ETP Default. Cookie partitioning is only available in Private Browsing or ETP Strict mode.

Safari shipped then rolled back cookie partitioning in previous versions of ITP.

This is discussed in the explainer in [Alternate Cookie Partitioning Designs](https://github.com/WICG/CHIPS/blob/main/README.md#alternate-cookie-partitioning-designs).

> All of this should really be discussed up front in the explainer

Ack'd. I can refactor the explainer to be more clear about these distinctions between what we are proposing and what different browsers have worked on up front.

> It's not clear to me why and how developer opt-in to partitioning aids user privacy? If cookies that are not opted in to partitioning will eventually be deprecated then why not simply double key all cookies to begin with rather than requiring an opt-in? Is the opt in only relevant to the phase-in period?

The third-party opt-in is for web compatibility. We believe introducing a third-party opt-in will help ease the transition for third-party site owners to the new semantics of cross-site cookies.

Also adding a new attribute which requires the __Host- prefix will ideally broaden adoption of existing cookie features which improve the security model of cookies.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/654#issuecomment-897929851

Received on Thursday, 12 August 2021 20:02:44 UTC