- From: Bryan McQuade <bmcquade@google.com>
- Date: Thu, 6 Oct 2011 10:00:49 -0400
- To: public-web-security@w3.org
Billy and Paul, The goal here is to collect specific novel attacks (that is, attacks not possible without this new information) that arise as a result of resource timing. You've said "The performance timing information in the new API has implications fat beyond Felton's classic work on browser or shared cache snooping" and "I expect these capabilities will be on-par with custom native code attack tools." but I do not see any specific novel attack vectors mentioned in your responses that are only possible with the addition of this data. Can you please elaborate to provide specific novel attack vectors that arise as a result of providing this new data, so we can analyze them and confirm that they are indeed not possible without the data provided by resource timing? Thanks! -Bryan
Received on Thursday, 6 October 2011 14:01:18 UTC