[compute-pressure] Specify what kind of attacks are considered and addressed (#204)

pes10k has just created a new issue for https://github.com/w3c/compute-pressure:

== Specify what kind of attacks are considered and addressed ==
This issue is being filed as part of the [requested PING review](https://github.com/w3cping/privacy-request/issues/113) and was broken off from [this previous issue](https://github.com/w3c/compute-pressure/issues/196).

The section mentions "timing attacks", but this is a very broad term. The text here would be more useful if the text was more precise: what kinds of attacks / timing issues are the authors concerned with and guarding against. My read from the text is that the section is most concerned with different sites observing the same event at the same time, and using that to link browsing contexts. There are other kinds of attacks that require timing information to conduct though (e.g., using timing signals to create a side/covert channel). In general, the text here would be improved by being more precise about what kinds of attacks are considered and addressed.

Please view or discuss this issue at https://github.com/w3c/compute-pressure/issues/204 using your GitHub account

Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Tuesday, 28 March 2023 15:54:10 UTC