Open svgeesus opened 2 years ago
Requested review by @paulwouters
@svgeesus , I see that you're citing the version of this spec in TR, not the editor's draft. Which version would you like @paulwouters to review? (n.b. I see that the editor's draft has a much-expanded privacy considerations section. I haven't run a full diff, though.)
We get told off if we cite a non-TR spec for wide review, and current advice is to request early review on publication of FPWD.
But yes, please do in practice review the Editors Draft
@svgeesus , thank you. Indeed, for "reasons" we should be reviewing TR specs.
An updated WD of IFT has been published which puts into one specification the Range Request and Patch-subset methods, and describes how client and server negotiate which method to use. Please base your review on this new /TR draft. Thanks!
14 months later, are there any security review comments?
A new WD of IFT is available. This addresses review feedback from the earlier proposals. There is no longer a Range Request vs Patch Subset choice, and there is no longer any special protocol required. Compared to the earlier proposals, the risks of fingerprinting have been reduced and there should no longer be an impact on CDN caching.
Because this is a substantial rewrite, we have a new Explainer
A re-review from a Security perspective would be most welcome!
@simoneonofri
@simoneonofri I am guessing this request will wait for SING to be formed, right?
@simoneonofri I am guessing this request will wait for SING to be formed, right?
@svgeesus I've put it in the queue of things to do, surely when there's SING I'll be quicker to do them!
We have conducted a self-review of our spec Incremental Font Transfer, and the results can be found at https://github.com/w3c/IFT/issues/35 .
Please check our findings.
Other comments: