-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathindex.html
212 lines (188 loc) · 7.85 KB
/
index.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
<!DOCTYPE html>
<meta charset="utf-8">
<title>Sustainability of Bundling and Caching</title>
<script class="remove" src="https://www.w3.org/Tools/respec/respec-w3c">
</script>
<script class="remove">
var respecConfig = {
specStatus: "draft-finding",
editors: [
{
name: "Sangwhan Moon",
url: "",
company: "Google",
w3cid: 42399
},
{
name: "Lea Verou",
url: "https://lea.verou.me",
company: "W3C Invited Experts",
w3cid: 52258
},
{
name: "Yves Lafon",
url: "",
company: "W3C",
w3cid: 3182
}
],
group: "tag",
wgPublicList: "www-tag",
github: "w3ctag/caching-bundling-sustainability",
format: "markdown",
localBiblio: {
"COSI" : {
title: "Cross-Origin State Inference (COSI) Attacks: Leaking Web Site States through XS-Leaks",
href: "https://arxiv.org/pdf/1908.02204.pdf",
authors: [
"Avinash Sudhodanan",
"Soheil Khodayari",
"Juan Caballero",
],
},
"EWP" : {
title: "Ethical Web Principles",
href: "https://www.w3.org/2001/tag/doc/ethical-web-principles/",
publisher: "W3C",
},
"PARTITIONING" : {
title: "Client-Side Storage Partitioning",
href: "https://github.com/privacycg/storage-partitioning",
authors: [
"Anne van Kesteren",
],
},
"TIMING" : {
title: "Timing attacks on Web privacy",
href: "https://doi.org/10.1145/352600.352606",
authors: [
"Felten, E. W.",
"Schneider, M. A."
],
},
"XS-LEAKS" : {
title: "XS-Leaks Wiki",
href: "https://xsleaks.dev/",
},
},
};
</script>
<body class="informative">
<section id="abstract">
This finding examines the sustainability of bundling
and storage partitioning in web development.
Bundling dependencies into a single file can improve efficiency,
but it results in repeated downloads of resources,
negatively impacting end-user experience.
Partitioning client-side storage by origin
benefits user privacy and security
but increases storage, energy consumption, and bandwidth costs.
The finding suggests experimenting with smart delays
for cache fetches and bundling with delta transport as potential mitigations.
The finding highlights the need for awareness
of the hidden costs and sustainability risks
and the benefits of reusing client-side resources.
</section>
<section id="sotd">
This document is an early draft and does not reflect the consensus of the TAG.
</section>
## Introduction
Improvements in both the performance and efficiency of modern computers,
combined with tremendous advances in optimizations
within web browsers have made it possible to run
large web applications while providing
a near-native user experience and performance.
This allowed developers to essentially move towards
a development pattern that enables code re-use from many small packages.
The downside of the agility gained by this pattern is that
when this practice was first introduced,
transporting many small files was not efficient,
and modules were not readily available.
Bundling all of these dependencies into a single file
and compressing it became a common practice
for both transport efficiency and easier dependency management,
analogous to static linking in native development.
The unfortunate side effect of this practice is that
it results in the user having to download duplicate code,
as the browser is unable to determine
if a given bundle contains a specific library.
Additionally,
various privacy and security issues identified with client-side storage mechanisms
have been mitigated by the introduction of storage partitioning,
also known as double-keying. [[PARTITIONING]] [[COSI]] [[TIMING]] [[XS-LEAKS]]
While necessary,
this has had the negative effect
of increased transport costs.
The repeated downloads of resources
can mean increased delay, energy consumption, storage bloat, and data cost
to the end user.
## Transport Sustainability on the Web Platform
We want to increase broader community awareness
of the hidden costs and sustainability risks
introduced by bundling and storage partitioning.
Neither transport nor computation is free;
these are costs that both the content provider and the user ends up paying.
Also, different user populations
pay different comparative costs for transport.
Having to download chunks of code that are largely duplicated
repeatedly is detrimental to the end-user experience.
A simple thought experiment would be to think about
how many times jQuery has been downloaded since its introduction;
and how much we could have saved users in data packet fees
if there was some level of re-use on the client side.
## Benefits and Costs of Storage Partitioning
The effort to partition all client-side storage mechanisms
began [in 2013](https://bugs.webkit.org/show_bug.cgi?id=110269).
There are two kinds of attacks that storage partitioning mitigates:
1. Without storage partitioning,
Site A can infer that a user has visited Site B,
and can discover state from Site B specific to the user,
by embedding resources from Site B. [[COSI]] [[TIMING]] [[XS-LEAKS]]
2. Without storage partitioning,
a site that provides a service to many other sites
by being embedded onto them
can track users across those sites. [[PARTITIONING]]
Storage partitioning has been quite successful
at addressing these attacks,
but the tradeoffs made are considerable.
Loading resources separately for each origin results in:
- Lessened benefit of different websites loading shared resources from
a <abbr title="Content Delivery Network">CDN</abbr>,
which is not well understood by developers.
- Additional storage space is required to store these cached resources.
- Additional packages are transferred over the wire,
which, in many scenarios, can be an actual financial burden for users.
- Additional energy is consumed as extra CPU cycles are used for decoding, parsing, and executing resources.
- Additional bandwidth used must be paid for by users, intermediaries, and content providers.
## The Hidden Cost of Bundling
Bundling lowers latency, lowers the transport cost by reducing the number of
requests and makes the package atomic,
but the hidden cost is the unused payload
and the recurring cost of it during an update.
There is also the inherent risk of “write amplification”,
where even a single byte change in a web application requires
downloading the entire application from scratch.
There is a definite cost associated with this,
both from the end of providing the application,
as well as receiving the application.
When HTTP/2 [[RFC9113]] was introduced, attempts were made to alleviate the need for bundling using Server Push, but the performance gain was not noticeable enough to justify the complexity cost.
The introduction of HTTP/3 [[RFC9114]], based on QUIC [[RFC9000]] may provide new solutions to these issues.
## Angles for Experimentation
We cannot compromise on the security and privacy guarantees that double keying provides.
Additionally, no immediate replacements provide equivalent conveniences and functionality
that bundling provides as of the time of writing.
If we move the ecosystem to be unbundled, the cost of transport will go up.
However, we cannot simply remove double keying to alleviate that cost.
One potential way forward could be to experiment with mechanisms that
emulate the effects of double-keyed caching through a software layer
but not necessarily trigger the wire transport.
One potential avenue could involve a noising layer on top of a single-keyed cache,
which adds enough noise to prevent attacks that rely on timing (e.g., artificial delays)
or metadata (e.g., adding noise in latent state).
## Call to Action
Unfortunately, the solution to this is largely an unsolved problem
and the web platform does not yet have all the machinery needed to solve this problem.
We would like to see experts from the community
to experiment with different approaches to find a more sustainable solution
and eventually propose a solution that reduces the costs
while preserving the security and privacy guarantees we have today.