Where and by whom is the work is being done?

• Primary contacts:
  • @arichiv, Google Chrome
• Organization/project driving the specification: Google Chrome
• This work is being funded by: Google
• Primary standards group developing this feature: None
• Group intended to standardize this work: None
• Incubation and standards groups that have discussed the design: None

Feedback so far

• Multi-stakeholder feedback:
  • Chromium comments: https://chromestatus.com/feature/6496757559197696
  • Mozilla comments: https://github.com/mozilla/standards-positions/issues/1299
  • WebKit comments: https://github.com/WebKit/standards-positions/issues/550
• Major unresolved issues with or opposition to this specification: None
• Status/issue trackers for implementations: https://crbug.com/415691664

You should also know that...

By exploiting limits in the TCP connection pool size on Chrome, knowledge can be gained about cross-site state which would otherwise be inaccessible. Specifically, it’s possible (with some statistical certainty) to evaluate the login state, visited history, or even something more specific like whether gmail has pending messages in the inbox.

To mitigate this we are doubling the per-profile socket pool to 513 (512 was already studied and seen to have no negative impact) while imposing a per-top-level-site limit of 256 (the old global limit). This change should be entirely transparent to most sites and is anticipated to be a wash performance wise.

<!-- Content below this is maintained by @w3c-tag-bot -->

---

Track conversations at https://tag-github-bot.w3.org/gh/w3ctag/design-reviews/1151