- From: Sigbjørn Vik <sigbjorn@opera.com>
- Date: Thu, 17 Mar 2011 12:06:35 +0100
- To: public-web-perf@w3.org
On Wed, 16 Mar 2011 15:50:21 +0100, Philippe Le Hegaret <plh@w3.org> wrote: > Available at > http://www.w3.org/TR/2011/CR-navigation-timing-20110315/ Great! A couple of comments on the wording: The two quotes about timing don't quite seem to match, one says to use milliseconds, the other to use milliseconds or finer, but no words on how finer could be achieved. I suggest the two quotes are moved to the same place in the document and aligned. Since "otherwise specified" never happens, I further suggest to remove that particular moderation. "Unless otherwise specified, in rest of this work, time is measured in milliseconds since midnight of January 1, 1970 (UTC)." "The accuracy of the timing-related attributes in the PerformanceTiming interfaces is recommended to be one millisecond or finer." All we actually need is to say "Throughout this work, time is measured in milliseconds since midnight of January 1, 1970 (UTC)." Section 4.2 uses (mostly) secureConnectionStart, while 4.5 uses exclusively handshakeStart (algorithm and diagram). The note on relaxed same origin policy doesn't have any obvious relevance to the place in the document. I suggest it be moved to the security section, and a short summary of our discussions and decisions presented there. In the security section, section 6.3 needs a little bit more flesh. It currently says "There is potential for [badness] by using carefully crafted timing attacks.", which is not very enlightening. I suggest a sentence or two is included about how one would go about such an attack, so that it becomes clear why cross-origin restrictions are the answer. -- Sigbjørn Vik Quality Assurance Opera Software
Received on Thursday, 17 March 2011 11:07:08 UTC