On Wed, Mar 16, 2016 at 2:30 PM, Adam Langley <a...@imperialviolet.org> wrote:
> On Wed, Mar 16, 2016 at 6:14 PM, Paterson, Kenny > <kenny.pater...@rhul.ac.uk> wrote: > >>provokes me to bring it up. Here's the crux of it; is it really a > >>security win to recommend the AEAD cipher suites for TLS 1.2 users? > > I'm skeptical about the benefit of padding to 16 bytes. While it does > increase the size classes in your Wikipedia example, Wikipedia pages > trigger subresource loads, which also have a size and page-to-page > navigation leaks more information. My takeaway from reading > traffic-analysis papers over the years is that countermeasures are > surprisingly difficult. > 16-bytes is small, I wish it were much bigger, but it may elevate things to where you even need to form a sub resource attack and increases the size of the graph/fingerprint that you need to maintain to form the sub-resource attack. I doubt it would thwart a large actor for very long, but it would help against smaller ones and I'm guessing that it might block some specific attacks like the autocompletion one mentioned in the paper. -- Colm
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls