Hi folks!
There's a lot of implicit context about mitigating Spectre in discussions like
https://github.com/whatwg/html/issues/4175, and lots of interest from people who may be affected (e.g., by modes for re-enabling SharedArrayBuffers). To try to capture where we stand with mitigations and where we might head, I put together the following document:
This gives a sense for what Site Isolation offers, what its current limitations are, and what options we might consider to better mitigate Spectre-like attacks with it in the future. The document suggests that it might be useful to think of the restrictions for bringing back SharedArrayBuffers (etc.) as a stepping stone towards potential future defaults for the web platform.
There are still some open questions about which modes to choose, how well they mitigate attacks, and how easy they will be to adopt. There are difficult tradeoffs there, and I'm hoping we can use this public list (along with the existing whatwg issues) to find a way forward.
Hope the document is helpful in reasoning about these topics. Thanks to the many folks who have contributed, and whose ideas have helped shape it!
Thanks,
Charlie