Provide guidelines for mitigation algorithms #3
This patch is providing guidelines on numerical values to select for the mitigation algorithms parameters. [1]
[1] w3c#197 (comment)
Fixes: w3c#240
index.html
Outdated
@@ -870,6 +870,20 @@ <h3>Supporting algorithms</h3> | |||
</ul> | |||
Run the [=reset observation window=] steps and start a timer to re-run the steps when the observer.{{PressureObserver/[[ObservationWindow]]}} | |||
time has passed, using different randomized values. | |||
<aside class="note"> |
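Review bot: the algorithm step just above the new `<aside class="note">` re-runs [=reset observation window=] "using different randomized values" but gives no bounds for those values and does not point to where they are recommended. If the bounds live only in this aside, consider naming the slots being randomized in the step itself or linking the step to the aside, so a reader of the algorithm can find the recommended ranges.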
I am not sure that is really a note...
index.html
Outdated
Implementers are advised to use: | ||
<ul> | ||
<li> | ||
a range in milliseconds between 300000 and 600000 for |observer|.{{PressureObserver/[[ObservationWindow]]}}. |
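Review bot: the list item for {{PressureObserver/[[ObservationWindow]]}} recommends "a range", but it does not say that a single value is drawn at random from that range, nor whether the bounds are inclusive. Suggest wording such as "a randomized value between 300000 and 600000 milliseconds (5 to 10 minutes)", which also adds the human-readable equivalent that the Break calibration text already gives for its own range.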
a range between ... in milliseconds ?
a range between 300.000 milliseconds (5 minutes) and 600.000 milliseconds (10 minutes) for |observer|.{{PressureObserver/[[ObservationWindow]]}}.
index.html
Outdated
@@ -1363,14 +1377,21 @@ <h4>Break calibration</h4> | |||
at runtime when this mitigation is running continuously. Any attempts to recalibrate | |||
will similarly be mitigated against. | |||
</p> | |||
<div class="note"> | |||
<aside class="note"> | |||
This mitigation, if applied too often, can deteriorate the pressure state detection reliability. |
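Review bot: "if applied too often" in the note sentence gives no threshold, so an implementer cannot tell from this line what frequency starts to affect detection. Suggest tying it to the recommended interval, or at least stating the trade-off directly, for example "running this mitigation at short intervals reduces the reliability of pressure state detection". Both `<div class="note">` and `<aside class="note">` appear in this hunk, so also check that the closing tag further down matches the element that is kept.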
deteriorate is a very strong word, also why is this more of a problem when done often? Not a fan of the "applied"
index.html
Outdated
Therefore it is targeted for longer calibration attack processes. | ||
Implementers are advised to apply the mitigation to a randomized time value in milliseconds | ||
within a range between 120000 and 240000 (2 and 4 minutes). | ||
Faster calibration processes can be mitigated by [=rate obfuscation=] mitigation. |
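Review bot: "apply the mitigation to a randomized time value" reads as if the mitigation acts on a value rather than running at an interval. Suggest "run the mitigation at a randomized interval between 120000 and 240000 milliseconds (2 to 4 minutes)". The terms "longer" and "faster" calibration processes are also used without a reference point in these lines; a short definition, or a duration for each, would let the sentence about [=rate obfuscation=] stand on its own.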
I don't think it is clear what "faster calibration processes" refers to.
When can you calibrate fast? and when can you calibrate slowly?
You calibrate when you have focus and we need to make sure to somewhat invalidate that calibration. We don't even have to do it between a special time window, we could even do it whenever another page gains indirect focus and starts receiving telemetry data. - that should work just fine now that I am thinking about it - or just use slightly different thresholds per origin
Faster calibration processes, I'm thinking of something like you are doing with the demo...
We change the state very fast (5-10s) and we are trying to figure out in a short time period what state belongs to what load.
Slower, I was thinking that you are once in a while trying to increase the work load... every minute...
So the frequency of load change would be really low.
but I think it is very confusing wording because the reader doesn't know about the demo etc
Signed-off-by: Arnaud Mandy <[email protected]>
index.html
Outdated
a range in between 50 and 100 changes for |observer|.{{PressureObserver/[[MaxChangesThreshold]]}}. | ||
</li> | ||
<li> | ||
a range in milliseconds between 5000 and 10000 for |observer|.{{PressureObserver/[[PenaltyDuration]]}}. |
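Review bot: the {{PressureObserver/[[MaxChangesThreshold]]}} item says "a range in between 50 and 100 changes", which has a stray "in" and, like the other items, does not say that one value is picked at random from the range. Suggest "a randomized value between 50 and 100 changes" and, for {{PressureObserver/[[PenaltyDuration]]}}, "a randomized value between 5000 and 10000 milliseconds (5 to 10 seconds)" so all list items follow one pattern with the unit after the numbers.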
move milliseconds after here as well
Signed-off-by: Arnaud Mandy <[email protected]>