Re: [SRI] Shared Cache through `sharedcache` attribute from Anne van Kesteren on 2015-10-14 (public-webappsec@w3.org from October 2015)

From: Anne van Kesteren <annevk@annevk.nl>
Date: Wed, 14 Oct 2015 08:47:15 +0200
To: Devdatta Akhawe <dev.akhawe@gmail.com>
Cc: Francois Marier <francois@mozilla.com>, WebAppSec WG <public-webappsec@w3.org>
Message-ID: <CADnb78gGqJVQZR=VqNbJUEAo4J8_QMx_d9PcKj-+cnUWZOsmOQ@mail.gmail.com>

On Wed, Oct 14, 2015 at 7:11 AM, Devdatta Akhawe <dev.akhawe@gmail.com> wrote:
> IIRC, the trickier bit is around csp.

How is the trickier bit not around privacy? Seems you can easily time
attack a shared cache and thereby figure out where the user has been.


-- 
https://annevankesteren.nl/

Received on Wednesday, 14 October 2015 06:47:40 UTC