I forgot to include anything about the timing related attacks in the security section of the specification. This PR adds a subsection that talks about the vulnerability and specifies that the UA must prevent
differences in timing during navigation (which could potentially be measured from JS). We don't specify the exact way to do this (but provide some examples) since there are multiple acceptable ways.
I forgot to include anything about the timing related attacks in the security section of the specification. This PR adds a subsection that talks about the vulnerability and specifies that the UA must prevent differences in timing during navigation (which could potentially be measured from JS). We don't specify the exact way to do this (but provide some examples) since there are multiple acceptable ways.
Fixes #62