[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Public WebGL] Information leakage and the extension regisrty.



Deep bow to Chris the Peacemaker.

On Tue, Dec 7, 2010 at 9:35 AM, Chris Marrin <cmarrin@apple.com> wrote:
>
> On Dec 7, 2010, at 4:53 AM, Benoit Jacob wrote:
>
>> ----- Original Message -----
>>> If we are really serious about stopping information leakage then
>>> having
>>> even a few individual queryable extensions is a terrible idea -
>>
>> Please, please, let's not have this discussion again!
>
> Why would you say this and then go on to fire another volley? The way to stop a war is to lay down your weapons.
>
>>
>> I already explained my position on this yesterday, but let me quickly reexplain in different terms. In any interface, it is almost impossible to avoid having some information leakage. For example, through timing attacks. In the case of WebGL, another medium of leakage is through comparison of rendered pixel values.
>>
>> So I'm *not* trying to have zero leakage. I'm just trying to keep the leakage limited. In this respect, it's relatively OK to have some extensions and getParameter()'s. I'd be surprised if one could extract more than 5 or 6 bits from all that, because these things are mutually correlated. By contrast, the RENDERER/VERSION strings give 13 bits right away, and moreover allow user categorization as Oliver noted. Furthermore, as Vladimir noted, the RENDERER string had the (to many people, even more important) problem that it was going to create a new user-agent-string epic.
>>
>> So I don't have a particular problem with extensions as they currently are looking like.
>>
>> Benoit
>> -----------------------------------------------------------
>> You are currently subscribed to public_webgl@khronos.org.
>> To unsubscribe, send an email to majordomo@khronos.org with
>> the following command in the body of your email:
>>
>
> -----
> ~Chris
> cmarrin@apple.com
>
>
>
>
> -----------------------------------------------------------
> You are currently subscribed to public_webgl@khronos.org.
> To unsubscribe, send an email to majordomo@khronos.org with
> the following command in the body of your email:
>
>

-----------------------------------------------------------
You are currently subscribed to public_webgl@khronos.org.
To unsubscribe, send an email to majordomo@khronos.org with
the following command in the body of your email: