[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Public WebGL] CORS and resource provider awareness



On Tue, Oct 30, 2012 at 11:53 AM, Florian Bösch <pyalot@gmail.com> wrote:
> On Tue, Oct 30, 2012 at 7:15 PM, Kenneth Russell <kbr@google.com> wrote:
>> Separately, the WebGL community should collectively pursue the idea of
>> checking whether shaders obey the timing restrictions being defined by
>> the CSS shaders specification. If that works, then WebGL applications
>> would once again be able to safely access cross-domain media.
> Far as I could find the CSS shader spec has not yet decided on a
> restricting mechanism (timing or otherwise).
>
> Btw. I think that timing restrictions are not a good idea because it
> implies obeying a fixed time window for shader execution, which in
> turn implies that:
> 1) shaders *may* be aborted, which breaks apps.
> 2) drawArrays/Elements calls *will* be delayed from returning
> degrading app performance.

The timing restriction patch that I intended to refer to was Adobe's
contribution to the ANGLE project (http://cs.chromium.org , search for
SH_TIMING_RESTRICTIONS) which prevents control flow decisions from
being made based on values fetched from textures. I believe that this
would defend against the side-channel timing attack which forced the
WebGL spec to disallow the use of cross-origin media.

-Ken


> To me those issues look worse than what they're trying to solve, i.e.
> the proverbial cure that kills the patient.

-----------------------------------------------------------
You are currently subscribed to public_webgl@khronos.org.
To unsubscribe, send an email to majordomo@khronos.org with
the following command in the body of your email:
unsubscribe public_webgl
-----------------------------------------------------------