On Wed, Aug 21, 2019 at 7:40 PM Sebastian Streich wrote:
> Estimated or target release: Firefox 70
The plan is to enable this on Firefox 72 Nightly to see if there's any
fallout that needs addressing. It will not ride the trains. This is
tracked by
tml/pull/4115
>
> What is the tuple we're keying on?
>
> Cheers,
> Martin
>
> On Thu, Aug 22, 2019 at 3:40 AM Sebastian Streich
> wrote:
>
> > Intent to Implement- Double-keyed HTTP cache
> >
> >
> > Summary:
> >
> > Currently Browsers are vu
On Thu, Aug 22, 2019 at 4:26 AM Martin Thomson wrote:
> What is the tuple we're keying on?
Top-level origin only. This still allows C to attack B in your
scenario (or vice versa). There's a variety of other side channel
attacks on " sites" too, including various members of the
Window object,
cation. I couldn't find a PR on fetch either.
What is the tuple we're keying on?
Cheers,
Martin
On Thu, Aug 22, 2019 at 3:40 AM Sebastian Streich
wrote:
> Intent to Implement- Double-keyed HTTP cache
>
>
> Summary:
>
> Currently Browsers are vulnerable to cache-timing attacks,
Intent to Implement- Double-keyed HTTP cache
Summary:
Currently Browsers are vulnerable to cache-timing attacks, commonly
referred to as XS Leaks attacks. Starting with Firefox 70 we want to
explore a double-keyed HTTP cache. Instead of solely using the origin of
the resource, we will double
5 matches
Mail list logo