Make a note about these being critical & needing to be downloaded during processing.

We need to integrate into the processing algorithm, after processing, they image resources should be downloaded.

We talked about using CSS as an example… progress with this has been slow over there: w3c/csswg-drafts#1088

@marcoscaceres Per whatwg/html#5581 (comment), it seems like we may not need to do this task right now, no?

Correct, but we do need to do it when processing happens so definitely as part of CR... but happy to wait until scope and start URL are all sorted.

This is both applicable and not... firstly, upon reflection, we should not assume there is a client at all because the way this is commonly implemented is that the manifest structure is handed off to the OS to deal with... once it enters the OS, it no longer has a (web) client... it's potentially just using OS-level mechanisms to load the images.

From a security perspective, the only assurances that we give is that it's some kind of image format (which yes, it may attempt to attack the OS) - but generally the image formats are considered safe, and CSP doesn't apply anymore as there is no document object or environment settings object at that point (it's all OS widgets).

So, we should say something ... but we need to figure out what... but it's not a "clients" thing.

Also the conclusion is that icons are not critical sub-resources, because the UA can (and often does) provide a fallback icon.