Intent to Ship: Signed Exchange Reporting for distributors

[Tsuyoshi Horo]

Contact emails

ho...@chromium.org

Explainer

doc

Spec

https://github.com/WICG/webpackage/pull/374

Summary

Signed Exchange Reporting for distributors extends the Network Error Logging to enable the distributors of signed exchanges to investigate the signed exchange loading errors such as certificate verification errors.

Link to “Intent to Implement” blink-dev discussion

https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/ZcJNEfRFbj0

Is this feature supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?

Yes

Debuggability

Developers can view the submitted signed exchange report entries in chrome://net-export/.

Risks

Interoperability risk

Edge: No signals

Firefox: No signals

Safari: No signals

Web / Framework developers: No signals

Compatibility risk

This feature introduces a new phase type "sxg", so the existing NEL endpoints can detect that this is a new type of report.

Ergonomics

We expect no significant added difficulty compared to setting up an endpoint for the existing NEL.

Is this feature fully tested by web-platform-tests? Link to test suite results from wpt.fyi.

Yes

https://github.com/web-platform-tests/wpt/tree/master/signed-exchange/reporting

https://wpt.fyi/results/signed-exchange/reporting

Entry on the feature dashboard

https://www.chromestatus.com/features/5687904902840320

Requesting approval to ship?

Yes

[Kinuko Yasuda]

This will be a good addition generally to NEL, and this would be important for distributors to watch and diagnose signed exchange errors.  This is also useful for gathering more stats to see how the signed exchanges distribution work at a larger scale.

Have you also gathered feedback from privacy / security people?  I suppose distributor side won't have issues, but would be good to make sure.

--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CADk0S-VwbsoW%2BV6FNhpMddB_Gj8t-0J5WU2FzhgEU8rBFdQTYg%40mail.gmail.com.

[Tsuyoshi Horo]

I received comments on the explainer, and I added "Security/Privacy Risks" section.

I think the risk of the leaking of cross-origin information is already covered.

 

To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAMWgRNbcF-tf3VMZ05HTRPzmvBthoAUekjxqcj%2BmJM3ptvbvBg%40mail.gmail.com.

[Tsuyoshi Horo]

And also I'm asking feedback from privacy / security people in the explainer's comment thread.

https://docs.google.com/document/d/1Io-MJ1PUqPazZIzDdV2s7oTPGLJZGt15Pbx1ge3JYT4/edit?disco=AAAAClZqVK8

[Philip Jägenstedt]

Cool to see the test for this in WPT. Should this feature already be working behing --enable-experimental-web-platform-features? The tests seem to fail as much as in Chrome as the other browsers, so I wonder if there's something wrong with the wpt.fyi infra, or if this isn't implemented yet?

To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CADk0S-XnB3LE_AD_EEk0hq6AK4L7m3BSo8cBxXON5hQF5snEnQ%40mail.gmail.com.

[Tsuyoshi Horo]

Currently we need to set SignedExchangeReportingForDistributors feature flag to run these tests.

We are running these tests using VirtualTestSuites.

I created a CL to enable this feature under --enable-experimental-web-platform-features flag.

[Chris Palmer]

Thanks for adding a Risks section! :) I responded with a comment in the doc.

[Philip Jägenstedt]

LGTM1 on the assumption that https://github.com/WICG/webpackage/pull/374 is merged before this ships. Often we block intents on PRs being merged, but it looks like it's done and just not merged. +Jeffrey Yasskin?

On testing, if the tests do work under virtual/, then there's no need to see the tests passing on wpt.fyi before shipping, but worth checking if they do work in Chrome just like they do in content_shell after the flag is flipped.

On security, if the security team has concerns that could also be blocking. Hopefully it's fine, just clarifying that 3xLGTM here doesn't preclude that.

To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOuvq200GJE0EY6kKVKLfOm0oq_Vb9yms8kGhbGgyJw%2BfiQVCw%40mail.gmail.com.

[Kinuko Yasuda]

non-owner LGTM, thanks for adding the Risks section for security/privacy and gathering feedback!

[Chris Palmer]

So it sounds like we have to send reports to distributors, which means we just have to be careful to uphold the principle aaj@ outlined in the document: "avoid exposing any information that the distributor would not already have (other than debugging information about the cert error), e.g. the Referrer if the page performing the navigation/prefetch sets a Referrer Policy, then it should be okay."

[Jeffrey Yasskin]

I've merged it now. Sorry for the delay.

[Daniel Bratell]

LGTM2

Will have to be careful in the code to not later add publisher related
information and send it to the distributor but that distinction is the can
of worms SXG has already opened.

/Daniel

--
/* Opera Software, Linköping, Sweden: CET (UTC+1) */

[Chris Harrelson]

LGTM3

To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/op.zxw3xgwlrbppqq%40cicero2.linkoping.osa.