or LGTM2 - sorry, race condition.
On 7/31/24 11:46 AM, Mike Taylor wrote:
Thanks for the v2 updates.
LGTM1
On 7/30/24 2:09 PM, Reilly Grant wrote:
On Tue, Jul 16, 2024 at 1:20 PM Robbie McElrath
<rmcelr...@chromium.org> wrote:
Thanks - before I jump too deeply into the review, would you
mind requesting the various review gate bits in your
chromestatus entry?
Done. We've been using launch/ for the approvals so far. I added
a link to the corresponding launch/ approval in chromestatus when
applicable.
No, the IWA security rules are enforced with existing web
primitives (CSP/TT, permissions policy, COI) that already
have DevTools support. There is some non-DevTools tooling
needed to build and sign the bundle, but I don't think
there's a use case for adding bundle-related functionality
into DevTools.
Makes sense. Are there plans to build said tooling and make
it available to ease adoption?
Yeah, we already have JS tooling available to create bundles
<https://github.com/WICG/webpackage/tree/main/js/bundle>, sign
bundles <https://github.com/WICG/webpackage/tree/main/js/sign>
(the new integrity block format is already supported), and a
webpack
<https://github.com/GoogleChromeLabs/webbundle-plugins/blob/main/packages/webbundle-webpack-plugin/README.md>
and rollup
<https://github.com/GoogleChromeLabs/webbundle-plugins/tree/main/packages/rollup-plugin-webbundle>
plugin. These make it easy to integrate with existing npm-based
flows, see the telnet demo app
<https://github.com/GoogleChromeLabs/telnet-client/blob/main/webpack.wbn.js#L36>
for an example. There's also a go tool
<https://github.com/WICG/webpackage/tree/main/go/bundle> that can
build and sign bundles, but it doesn't support integrity block v2
yet. Updating the go version has been lower priority as we don't
know of anyone that actually used it.
Integrity block v2 was recently proposed to address key
rotation related issues with v1. The internal design doc is
here: go/iwa-key-rotation
<https://goto.google.com/iwa-key-rotation>. Yes, we will be
speccing this.
Great - any idea of when you might have some version of a
spec draft ready?
The engineer working on this estimates it being done in the next
few weeks.
An update to the Integrity Block explainer with the version 2 format
landed in https://github.com/WICG/webpackage/pull/892.
Link to entry on the Chrome Platform Status
https://chromestatus.com/feature/5146307550248960
<https://chromestatus.com/feature/5146307550248960>
Links to previous Intent discussions
Intent to prototype:
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAEmk%3DMayyUjocrvyQKgu-bZy_4z5VJ0ijHCAijBTZY2xLwJpJQ%40mail.gmail.com
<https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAEmk%3DMayyUjocrvyQKgu-bZy_4z5VJ0ijHCAijBTZY2xLwJpJQ%40mail.gmail.com>
This intent message was generated by Chrome Platform
Status <https://chromestatus.com/>.
--
You received this message because you are subscribed to
the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving
emails from it, send an email to
blink-dev+unsubscr...@chromium.org
<mailto:blink-dev+unsubscr...@chromium.org>.
To view this discussion on the web visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CANtkjcS1A2rO%2BvHnnPXqc6sxhjenearhCGx9vxt%2BcKqM5otDfA%40mail.gmail.com
<https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CANtkjcS1A2rO%2BvHnnPXqc6sxhjenearhCGx9vxt%2BcKqM5otDfA%40mail.gmail.com?utm_medium=email&utm_source=footer>.
--
You received this message because you are subscribed to the Google Groups
"blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to blink-dev+unsubscr...@chromium.org.
To view this discussion on the web visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/02549cbf-4750-4edd-8604-fccabecd52bc%40chromium.org.
