Private Network Access (aka CORS-RFC1918) permission to relax mixed content

Wotcher TAG!

I'm requesting a TAG review of Private Network Access permission to relax mixed content.

A new permission to relax mixed content restrictions for private network resources while secure context restriction enabled on public websites which initialed request to private network.

Explainer: [url]
Security and Privacy self-review: [url]
GitHub repo: [url]
Primary contacts (and their relationship to the specification):
- Yifan Luo (@iVanlIsh), Google, specifier / implementer
- Titouan Regoudy (@letitz), Google, specifier / implementer ( on leave )
- Mike West (@mikewest), Google, original specifier / implementer
Organization driving the design: Google
External status/issue trackers for this feature (publicly visible, e.g. Chrome Status): https://chromestatus.com/guide/edit/5954091755241472

Further details:

[x] I have reviewed the TAG's Web Platform Design Principles
The group where the incubation/design work on this is being done (or is intended to be done in the future): WICG
The group where standardization of this work is intended to be done ("unknown" if not known): WHATWG
Existing major pieces of multi-stakeholder review or discussion of this design: https://github.com/WICG/private-network-access/issues/23
Major unresolved issues with or opposition to this design: None
This work is being funded by: Google

You should also know that...

The major part of the spec has already been reviewed in https://github.com/w3ctag/design-reviews/issues/572 Here we forced on permission part to relax mixed content restrictions.

We'd prefer the TAG provide feedback as :

🐛 open issues in our GitHub repo for each point of feedback

w3ctag / design-reviews

Private Network Access (aka CORS-RFC1918) permission to relax mixed content #751