The security and privacy considerations section has a number of text issues that need clarifying or revising. Im happy to split these into separate issues if it'd be helpful.
The section mentions "timing attacks", but this is a very broad term. The text here would be more useful if the text was more precise: what kinds of attacks / timing issues are the authors concerned with and guarding against. My read from the text is that the section is most concerned with different sites observing the same event at the same time, and using that to link browsing contexts. There are other kinds of attacks that requiring timing information to conduct though (e.g., using timing signals to create a side/covert channel). In general, the text here would be improved by being more precise about what kinds of attacks are considered and addressed.
One sub-section is called "no side channels." I found this text confusing since, i. the text in the section seems mostly unrelated to side channels, and ii. "no side channels" is a goal, not a design feature (at least w/o some form of formal modeling thats not present in this spec, and not common in specs).
The sub-section on "first party contexts" is doubly confusing.
do the authors mean same domain or same site (i.e., same eTLD+1)? The text uses these terms interchangeably, but they mean different things.
Is the site restricted to only first-party contexts, or available to first-parties by default, but able to be extended / delegated to third-parties? The first paragraph implies the former, and the second paragraph suggests the latter
This issue is being filed as part of the requested PING review
The security and privacy considerations section has a number of text issues that need clarifying or revising. Im happy to split these into separate issues if it'd be helpful.
The section mentions "timing attacks", but this is a very broad term. The text here would be more useful if the text was more precise: what kinds of attacks / timing issues are the authors concerned with and guarding against. My read from the text is that the section is most concerned with different sites observing the same event at the same time, and using that to link browsing contexts. There are other kinds of attacks that requiring timing information to conduct though (e.g., using timing signals to create a side/covert channel). In general, the text here would be improved by being more precise about what kinds of attacks are considered and addressed.
One sub-section is called "no side channels." I found this text confusing since, i. the text in the section seems mostly unrelated to side channels, and ii. "no side channels" is a goal, not a design feature (at least w/o some form of formal modeling thats not present in this spec, and not common in specs).
The sub-section on "first party contexts" is doubly confusing.