Re: [w3ctag/design-reviews] Early design review: opaque-blocklisted-never-sniffed MIME types (#618) from Lukasz Anforowicz on 2021-03-24 (public-webapps-github@w3.org from March 2021)

From: Lukasz Anforowicz <notifications@github.com>
Date: Wed, 24 Mar 2021 10:26:30 -0700
To: w3ctag/design-reviews <design-reviews@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3ctag/design-reviews/issues/618/806017154@github.com>

> One of the things we try to emphasise in our explainer guidance is the need to start with user need. Can you elaborate on that a bit?

User impact of ORB and CORB:
- behavior/functionality: no impact (assuming HTTP responses use correct `Content-Type`)
- security: big positive impact - Site Isolation / Out of Process IFrames (OOPIFs) do not offer a meaningful security boundary without ORB and/or CORB.  OOPIFs combined with ORB/CORB are an important piece of defenses against the threat of Spectre-based attacks.
- performance: some risk



-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/618#issuecomment-806017154

Received on Wednesday, 24 March 2021 17:26:46 UTC