On Wed, Nov 11, 2020, at 09:28, Victor Vasiliev wrote:
> > Thus, the draft needs to include privacy considerations, particularly
> > regarding cross-origin tracking. I am also of the opinion that it should
> > use flags, but that would depend on changes to the flags draft.
>
> I considered that. This particular attack seems to be fairly
> web-specific, and since the mitigation (network partition keys
> <https://fetch.spec.whatwg.org/#network-partition-keys>) relies heavily
> on Web concepts, I'm not sure a TLS draft would be a good place for
> describing it (compared to, say, Fetch).

A one sentence reminder that using this capability allows for transfer of information between what might otherwise be isolated server identities is all I'm asking for. I'm not asking for a full breakdown of storage isolation and fetch integration, just the hooks that would ensure that people know to think about this problem. Browsers are probably amply covered in this regard, but the problem exists more generally.