Re: [compute-pressure] Feature can be abused to create cross-site covert channels (#197) from Anssi Kostiainen via GitHub on 2023-06-19 (public-device-apis-log@w3.org from June 2023)

From: Anssi Kostiainen via GitHub <sysbot+gh@w3.org>
Date: Mon, 19 Jun 2023 14:37:17 +0000
To: public-device-apis-log@w3.org
Message-ID: <issue_comment.created-1597304580-1687185435-sysbot+gh@w3.org>

@toreini, because this is a generic issue I'd suggest expanding the note in https://www.w3.org/TR/compute-pressure/#mitigation-strategies as follows and refer to the TAG document:

>This section gives a high-level view into mitigation strategies applicable to this specification. The normative definitions of these mitigations are integrated into the respective algorithms of this specification. Implementers are advised to consider the [TAG guidance on private browsing modes](https://www.w3.org/2001/tag/doc/private-browsing-modes/#features-supporting-private-browsing) when implementing the mitigations defined in this specification.

Feel free to suggest a better wording. The TAG Findings is open to contributions if you want to contribute your research as an additional reference: https://github.com/w3ctag/private-browsing-modes/issues

-- 
GitHub Notification of comment by anssiko
Please view or discuss this issue at https://github.com/w3c/compute-pressure/issues/197#issuecomment-1597304580 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Monday, 19 June 2023 14:37:19 UTC