Daniel Rubery
https://github.com/w3c/webappsec-dbsc/issues/36 requests an API for directly generating new keys and doing signing operations. For sites with strong client-side SDKs, they can reduce the server-side complexity if they do the signatures...
One thing that's challenging about the current header-based API is that you can't know when registration has completed. We should design some JS bindings that let sites start a registration...
This addresses https://github.com/google/keep-sorted/issues/97. The discussion there suggested trying to override line breaks, but this turns out to be difficult. The options are not specified until after we've split into lines,...
I'm using keep-sorted in [Chromium](https://source.chromium.org/chromium/chromium/src/+/main:components/safe_browsing/core/common/features.h;drc=c4a4196850607d4478e7470e9a2adae60e465e81;l=23) to sort some experimental flags by name. This is a little challenging as the flag definitions can span multiple lines (#if for per-platform behavior, parameters...
DBSC currently refuses to bind cookies with the Partitioned attribute because all the session data is unpartitioned. This makes it challenging to use for certain payments use cases. For example,...
In order to prevent SameSite bypasses, the spec checks that you can set a bound cookie before doing any config changes. This could make dropping support for a cookie unnecessarily...
Right now, challenge lifetime is server-enforced. This requires browsers to sign the request only for it to get rejected. We could allow sites to specify challenge lifetime in a couple...
Some possible future extensions to DBSC add new credential types. We have two concrete ideas today:
- Management/rotation of a client-side cert
- Creation/rotation of a short-lived symmetric key which...
This currently depends on Chrome engineers mirroring unrar to https://github.com/aawc/unrar.git. Chrome has begun fuzzing the copy of unrar in the chromium repo, so we do not plan to do this...