On Thu, Dec 13, 2018 at 8:03 AM Viktor Dukhovni <ietf-d...@dukhovni.org> wrote:
> On Thu, Dec 13, 2018 at 07:51:17AM -0800, Eric Rescorla wrote: > > > Random padding does poorly with repeated trials. So, for instance, > > if I get to observe a large number of requests from the same client > > to the same server, you can gradually infer the length of the cert > > chain. > > Yes, I was aware of this. But one might also note that may services > are not behind a CDN, and that data traffic patterns after the > handshake can also fingerprint the target service. > Yes. But the idea here is to gradually remove fingerprinting surface, and so the mitigations we recommend should work. -Ekr Session resumption helps to reduce the number of full handshakes > that leak some information about the certificate size. > > Users who really want (better) protection against traffic analysis > should use Tor. TLS traffic analysis protection from ESNI et. al. > is IMHO best-effort protection for casual use. > > If a user visits just one site (and no others) at a particular CDN, > absent traffic flow obfuscation ala Tor, the user's TLS traffic > will eventually stand out from the noise. > > -- > Viktor. > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls >
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
