>I think this is referring to the fact that the proposal depends on a UA Policy? I believe there is precedence for this in other parts of the web platform. A couple of examples that come to mind:
>
> * The definition of site / registrable domain (which cookies, and other parts of the web platform use extensively) depends on the Public Suffix List which has an acceptance process, and alludes to the role that user agents play ("Browsers do what browsers do...").
> * Browsers perform TLS certificate validation before connecting to https:// URLs, which relies on the the Web PKI infrastructure that is governed by a complex set of rules developed by the CA/Browser Forum.
The TLS cert validation is a good example. Question: could the first party set enforcement be accomplished using existing data available through certificate validation or existing data in the DNS registration system? This would address the internationalization issues raised as well and would not require spinning up an independent enforcement authority...
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/342#issuecomment-988962182
Received on Wednesday, 8 December 2021 16:20:40 UTC