Re: [compute-pressure] Feature can be abused to create cross-site covert channels (#197)

@pes10k, we've now specified mitigations in normative algorithms to the proposed cross-site covert channel attack. These normative definitions complement the more [human-readable description of these mitigations](https://www.w3.org/TR/compute-pressure/#mitigation-strategies) we added to the spec earlier. Here's the summary of changes:

- add new [PressureObserver](https://www.w3.org/TR/compute-pressure/#dom-pressureobserver) internal slots: [[[ObservationWindow]]](https://www.w3.org/TR/compute-pressure/#dfn-observationwindow), [[[MaxChangesThreshold]]](https://www.w3.org/TR/compute-pressure/#dfn-maxchangesthreshold), [[[PenaltyDuration]]](https://www.w3.org/TR/compute-pressure/#dfn-penaltyduration), [[[ChangesCountMap]]](https://www.w3.org/TR/compute-pressure/#dfn-changescountmap), [[[AfterPenaltyRecordMap]]](https://www.w3.org/TR/compute-pressure/#dfn-afterpenaltyrecordmap)
- add [passes privacy test](https://www.w3.org/TR/compute-pressure/#dfn-passes-privacy-test) check to [data delivery](https://www.w3.org/TR/compute-pressure/#dfn-data-delivery) steps
- add [reset observation window](https://www.w3.org/TR/compute-pressure/#dfn-reset-observation-window) steps
- add [adjusted pressure state](https://www.w3.org/TR/compute-pressure/#dfn-adjusted-pressure-state) concept

It's been an educational ride to mitigate this one and it's been great to work with you on this.

We'd be happy to talk about this work during the PING TPAC meeting on Tuesday 12 Sep if there's availability. I'll attend in person with @kenchris.

-- 
GitHub Notification of comment by anssiko
Please view or discuss this issue at https://github.com/w3c/compute-pressure/issues/197#issuecomment-1682242035 using your GitHub account


Received on Thursday, 17 August 2023 12:58:22 UTC