Closed svgeesus closed 3 days ago
@pes10k did you get a chance to review this specification?
hi @svgeesus, apologies for the delay on this. I've reviewed the spec, and filed one needs-resolution
issue. I'm going to close out this review request now. Thank you for your patience
The Privacy IG prefers groups to complete a self-review around the time of FPWD. See https://w3ctag.github.io/security-questionnaire/.
Other comments:
This new draft addresses review feedback from the earlier proposals. There is no longer a Range Request vs Patch Subset choice, and there is no longer any special protocol required. The client no longer sends individual, possibly trackable requests to the server for a patch specific to the current user. Instead, it selects from pre-generated patches, which are the same for all users. Compared to the earlier proposals, the risks of fingerprinting have thus been reduced and there should also no longer be an impact on CDN caching.