I am *not* filing this as a blocker. Rather, I'm filing this so we don't lose track of it, as it as part of the security decision. To that end, if I'm misremembering what we all agreed on, please correct me!

The signed exchange logic currently runs privileged code in the browser process and parses untrusted code. This makes its parsing code much more sensitive, hence the work in issue #879237.

The network code is in a similar situation and is being moved to the network service, to be sandboxed long-term. The signed exchange logic should get on a similar trajectory. The natural path would me to move it into the network service.

My understanding is one of the pain points here is where Service Worker intercept happens, so we should probably work through how to solve that.