Provide guidelines for mitigation algorithms

This patch is providing guidelines on numerical values to select for the mitigation algorithms parameters. [1] [1] w3c#197 (comment) Fixes: w3c#240
arskama · Nov 1, 2023 · 8b67027 · 8b67027
1 parent 2873936
commit 8b67027
Showing 1 changed file with 33 additions and 3 deletions.
diff --git a/index.html b/index.html
@@ -883,7 +883,7 @@ <h3>Supporting algorithms</h3>
       <ul>
         <li>
           set |observer|.{{PressureObserver/[[ObservationWindow]]}} to an [=implementation-defined=] randomized integer value in
-          milliseconds within an [=implementation-defined=] range, e.g., random between 300000 and 600000 (5 and 10 minutes).
+          milliseconds within an [=implementation-defined=] range.
         </li>
         <li>
           set |observer|.{{PressureObserver/[[MaxChangesThreshold]]}} to an [=implementation-defined=] randomized integer
@@ -1429,6 +1429,25 @@ <h4>Rate obfuscation</h4>
           received from the platform collector during this penalty.
         </p>
       </section>
+      <section>
+        <h4>Rate obfuscation parameters</h4>
+        <p><i>This section is non-normative.</i></p>
+        <p>
+          Based on implementation experience, implementers are advised to use:
+          <ul>
+            <li>
+              a range in between 300000 milliseconds (5 minutes) and 600000 milliseconds (10 minutes) for |observer|.{{PressureObserver/[[ObservationWindow]]}}.
+            </li>
+            <li>
+              a range in between 50 and 100 changes for |observer|.{{PressureObserver/[[MaxChangesThreshold]]}}.
+            </li>
+            <li>
+              a range in between 5000 milliseconds and 10000 milliseconds for |observer|.{{PressureObserver/[[PenaltyDuration]]}}.
+            </li>
+          </ul>
+          These values are subject to change and are updated based on further implementation experience and research findings.
+        </p>
+      </section>
       <section>
         <h4>Break calibration</h4>
         <p>
@@ -1442,14 +1461,25 @@ <h4>Break calibration</h4>
           at runtime when this mitigation is running continuously. Any attempts to recalibrate
           will similarly be mitigated against.
         </p>
-        <div class="note">
+        <aside class="note">
           Modern browsers throttle background tabs using [=implementation-defined=]
           heuristics in order to reduce resource usage. For example, after a period of
           no user interaction a background tab can be throttled that will influence
           the global pressure state of the system. This built-in feature of modern
           browsers further improves the effectiveness of the break calibration
           mitigation.
-        </div>
+        </aside>
+      </section>
+      <section>
+        <h4>Break calibration parameters</h4>
+        <p><i>This section is non-normative.</i></p>
+        <p>
+          Based on implementation experience, implementers are advised to apply the mitigation
+          to a randomized time value within a range between 120000 milliseconds (2minutes) and 240000 milliseconds (4 minutes).
+        </p>
+        <p>
+          These values are subject to change and are updated based on further implementation experience and research findings.
+        </p>
       </section>
       <section>
         <h4>Same-origin restriction</h4>