Groups
Sign in
Groups
blink-dev
Conversations
About
Send feedback
Help
Sort By Relevance
Sort By Date
1–26 of 26
Mike Taylor
, …
Ari Chivukula
77
12/4/23
Intent to Ship: Partitioning Storage, Service Workers, and Communication APIs
Further to my message above, openned a bug with a demo and a few suggestions: https://bugs.chromium.org/p/chromium/issues/detail?id=1501639 On Tuesday,
unread,
Intent to Ship: Partitioning Storage, Service Workers, and Communication APIs
Further to my message above, openned a bug with a demo and a few suggestions: https://bugs.chromium.org/p/chromium/issues/detail?id=1501639 On Tuesday,
12/4/23
Ben Wiser
, …
Rick Byers
41
11/2/23
Intent to Prototype: Web environment integrity API
need to
trust
the server, nor to supply ANY DATA to the server, until the server proves itself to the client. Anything else results in leaking user privileged data to a potential adversary
unread,
Intent to Prototype: Web environment integrity API
need to
trust
the server, nor to supply ANY DATA to the server, until the server proves itself to the client. Anything else results in leaking user privileged data to a potential adversary
11/2/23
Steven Valdez
, …
Steven Valdez
47
10/11/23
Intent to Ship: Private State Tokens API
Private State
Tokens
have been enabled for 100% of Chrome 114+ users. The feature is also enabled by default on the Chromium tip-of-tree as of July, which corresponds to the Chrome 117
unread,
Intent to Ship: Private State Tokens API
Private State
Tokens
have been enabled for 100% of Chrome 114+ users. The feature is also enabled by default on the Chromium tip-of-tree as of July, which corresponds to the Chrome 117
10/11/23
Yan Han
, …
Steven Valdez
9
8/31/22
Question about running Trust Token in Chrome
Issuing 1
tokens
." > > Thanks, > Yan > > On Tue, Aug 30, 2022 at 10:01 AM Steven Valdez wrote: > >> Can you hit "Check for Updates" under "
unread,
Question about running Trust Token in Chrome
Issuing 1
tokens
." > > Thanks, > Yan > > On Tue, Aug 30, 2022 at 10:01 AM Steven Valdez wrote: > >> Can you hit "Check for Updates" under "
8/31/22
Ian Clelland
3/9/22
PSA: Updating Chrome's Structured-Fields implementation to match RFC8941
(For
Trust
tokens
, it also parses Signed-Headers, Sec-Redemption-Record and Sec-Signature, but only from internally generated data -- they are request, not response headers -
unread,
PSA: Updating Chrome's Structured-Fields implementation to match RFC8941
(For
Trust
tokens
, it also parses Signed-Headers, Sec-Redemption-Record and Sec-Signature, but only from internally generated data -- they are request, not response headers -
3/9/22
Steven Valdez
, …
Tiago Vargas
6
11/3/21
Intent to Extend Origin Trial: Trust Token API
experimenting with
Trust
Token and we would like to continue to do so for a little longer. Currently we do have performance problems whenever we change key commitments. As it takes a
unread,
Intent to Extend Origin Trial: Trust Token API
experimenting with
Trust
Token and we would like to continue to do so for a little longer. Currently we do have performance problems whenever we change key commitments. As it takes a
11/3/21
Sasha Tokarev
, …
Matt Menke
28
10/28/22
Native support of Windows SSO in Chrome
do not
trust
IDP, or IDP compromised their
trust
. > the primary way of doing that is through encouraging greater centralization of identity services. And this where this feature
unread,
Native support of Windows SSO in Chrome
do not
trust
IDP, or IDP compromised their
trust
. > the primary way of doing that is through encouraging greater centralization of identity services. And this where this feature
10/28/22
David Van Cleve
, …
Nikita Kurtin
7
7/13/21
Intent to Experiment: Android Platform-Provided Trust Tokens in the Trust Token API Origin Trial
> existing
tokens
would continue to work. >>>> >>>> Best, >>>> >>>> David >>>> >>>> On Thu, Feb
unread,
Intent to Experiment: Android Platform-Provided Trust Tokens in the Trust Token API Origin Trial
> existing
tokens
would continue to work. >>>> >>>> Best, >>>> >>>> David >>>> >>>> On Thu, Feb
7/13/21
Alex Russell
, …
Daniel Bratell
19
5/27/21
Re: Trust Token API / fallback nonstandard origin trial plan
move the
Trust
Token API > origin trial to a rollout limiting burn-in with a 5% > holdback, superseding the origin trial's current fixed > usage target. > > When
unread,
Re: Trust Token API / fallback nonstandard origin trial plan
move the
Trust
Token API > origin trial to a rollout limiting burn-in with a 5% > holdback, superseding the origin trial's current fixed > usage target. > > When
5/27/21
Chris Harrelson
2
5/27/21
Increased Origin Trial Limits for Upcoming Privacy APIs
] and
Trust
>
Tokens
[3]. > * The higher limits are justified by situations where the experimental > goal of the trial is inherently dependent on statistically significant
unread,
Increased Origin Trial Limits for Upcoming Privacy APIs
] and
Trust
>
Tokens
[3]. > * The higher limits are justified by situations where the experimental > goal of the trial is inherently dependent on statistically significant
5/27/21
Steven Valdez
,
Mike West
2
5/3/21
Intent to Extend Origin Trial: Trust Token API (Take 2)
WICG/
trust
-token-api > > Summary > > This is a new API for propagating a notion of user authenticity across > sites, without using cross-site persistent identifiers
unread,
Intent to Extend Origin Trial: Trust Token API (Take 2)
WICG/
trust
-token-api > > Summary > > This is a new API for propagating a notion of user authenticity across > sites, without using cross-site persistent identifiers
5/3/21
Aaron Tagliaboschi
, …
Philipp Hancke
14
1/10/23
Intent to Remove: Rename User-Agent Client Hint ACCEPT-CH tokens
, Chrome
Trust
& Safety On Thu, Jan 21, 2021 at 3:12 PM Chris Harrelson wrote: > LGTM3 > > On Thu, Jan 21, 2021 at 12:11 PM Mike West wrote: > >> Gah. I sent this from
unread,
Intent to Remove: Rename User-Agent Client Hint ACCEPT-CH tokens
, Chrome
Trust
& Safety On Thu, Jan 21, 2021 at 3:12 PM Chris Harrelson wrote: > LGTM3 > > On Thu, Jan 21, 2021 at 12:11 PM Mike West wrote: > >> Gah. I sent this from
1/10/23
Steven Valdez
, …
David Van Cleve
7
1/5/21
Intent to Experiment: Trust Token API
updates the
Trust
Token API origin trial to use a third-party origin trial instead of its current nonstandard origin trial configuration . This involves two significant behavior
unread,
Intent to Experiment: Trust Token API
updates the
Trust
Token API origin trial to use a third-party origin trial instead of its current nonstandard origin trial configuration . This involves two significant behavior
1/5/21
David Van Cleve
, …
Erik Anderson
10
11/24/20
Intent to Prototype: Platform-issued trust tokens
for these
tokens
on the device instead of via the usual web request". On the Chrome side, we're starting off with one proof-of-concept Chrome integration on Android (with
unread,
Intent to Prototype: Platform-issued trust tokens
for these
tokens
on the device instead of via the usual web request". On the Chrome side, we're starting off with one proof-of-concept Chrome integration on Android (with
11/24/20
Steven Valdez
,
yo...@yoav.ws
4
10/22/20
Intent to Extend Origin Trial: Trust Token API
the major
Trust
Token protocol version in Chrome from V1 to V2 > (which includes some crypto protocol changes and changes to the APIs > (names/parameters/headers). That might
unread,
Intent to Extend Origin Trial: Trust Token API
the major
Trust
Token protocol version in Chrome from V1 to V2 > (which includes some crypto protocol changes and changes to the APIs > (names/parameters/headers). That might
10/22/20
Joe Medley
, …
Eiji Kitamura
13
3/16/20
[NEED INFORMATION]
origin trialling
Trust
Tokens
in M83. Chromestatus: https://www.chromestatus.com/features/5078049450098688 I2I was posted back in October '19 Public design doc and I2E
unread,
[NEED INFORMATION]
origin trialling
Trust
Tokens
in M83. Chromestatus: https://www.chromestatus.com/features/5078049450098688 I2I was posted back in October '19 Public design doc and I2E
3/16/20
Yoav Weiss
, …
James Rosewell
141
1/11/23
Intent to Deprecate and Freeze: The User-Agent string
look at
Trust
Tokens
which is a proposal to combat fraud and other abusive behavior through blinded
tokens
that can be granted in one context and redeemed in another without being able
unread,
Intent to Deprecate and Freeze: The User-Agent string
look at
Trust
Tokens
which is a proposal to combat fraud and other abusive behavior through blinded
tokens
that can be granted in one context and redeemed in another without being able
1/11/23
François Doray
, …
Shachar Zohar
46
2/4/20
Intent to Implement and Ship: Freeze task queues in background (desktop) (attempt #2)
. I
trust
y'all to get the follow-up > PRs done. > > IIRC there was some debate about an OT vs another meta tag to signal the > opt-out. Has that been resolved? > >
unread,
Intent to Implement and Ship: Freeze task queues in background (desktop) (attempt #2)
. I
trust
y'all to get the follow-up > PRs done. > > IIRC there was some debate about an OT vs another meta tag to signal the > opt-out. Has that been resolved? > >
2/4/20
Charles Harrison
, …
jsec...@brave.com
10
11/11/19
Intent to Implement: Conversion Measurement API
the Chrome
Trust
Token proposal, to make sure requests are authenticated but not identifying. 3. The proposal is currently written in a way that makes it most useful within a handful
unread,
Intent to Implement: Conversion Measurement API
the Chrome
Trust
Token proposal, to make sure requests are authenticated but not identifying. 3. The proposal is currently written in a way that makes it most useful within a handful
11/11/19
Charles Harrison
, …
Michaela Merz
11
10/16/19
Intent to Implement: Trust Token API
Sending raw
tokens
directly to third parties without consent from the token issuer brings up a difficult problem: token exhaustion attacks . In the current design, a token issuer can
unread,
Intent to Implement: Trust Token API
Sending raw
tokens
directly to third parties without consent from the token issuer brings up a difficult problem: token exhaustion attacks . In the current design, a token issuer can
10/16/19
Lily Chen
, …
apoorv munshi
110
3/24/21
Intent to Implement and Ship: Cookies with SameSite by default
'd
trust
that assessment, thanks for confirming. My main concern currently is the extra UA detection that has to be done to workaround the Safari bug (I'd love to hear if my assessment
unread,
Intent to Implement and Ship: Cookies with SameSite by default
'd
trust
that assessment, thanks for confirming. My main concern currently is the extra UA detection that has to be done to workaround the Safari bug (I'd love to hear if my assessment
3/24/21
Nick Harper
, …
Tom Jones
41
5/8/20
Intent to Remove: Token Binding
: binding
tokens
to the communication channel is a good (optional) generic mechanism that supersedes specialized mechanisms like the ones to XSS attacks etc.; yes, there are a number
unread,
Intent to Remove: Token Binding
: binding
tokens
to the communication channel is a good (optional) generic mechanism that supersedes specialized mechanisms like the ones to XSS attacks etc.; yes, there are a number
5/8/20
Jochen Eisinger
, …
justforthe...@gmail.com
33
5/21/19
Intent to Deprecate and Remove: Block cross-origin <a download>
auth XSRF
tokens
, so that wouldn't close this particular >>>>>> problem. >>>>>> >>>>>> On Sat, May 13, 2017 at 12
unread,
Intent to Deprecate and Remove: Block cross-origin <a download>
auth XSRF
tokens
, so that wouldn't close this particular >>>>>> problem. >>>>>> >>>>>> On Sat, May 13, 2017 at 12
5/21/19
Ryan Sleevi
, …
Ryan Caudle
141
3/23/22
(Pre-)Intent to Deprecate: <keygen> element and application/x-x509-*-cert MIME handling
to soft
tokens
for now); and that entity B can rely on. And with the only 'out of band', collusion or coordination between A and B being some cert higher up in the chain A used when
unread,
(Pre-)Intent to Deprecate: <keygen> element and application/x-x509-*-cert MIME handling
to soft
tokens
for now); and that entity B can rely on. And with the only 'out of band', collusion or coordination between A and B being some cert higher up in the chain A used when
3/23/22
Joel Weinberger
, …
quayapa...@gmail.com
229
9/29/17
Intent to deprecate: Insecure usage of powerful features
unread,
Intent to deprecate: Insecure usage of powerful features
9/29/17
Juan Lang
, …
Juan Lang
11
2/18/14
Intent to Implement: WebCrypto API extension for U2F
unread,
Intent to Implement: WebCrypto API extension for U2F
2/18/14