>... random padding without (at least) pipelining and > placards *is* worthless to protect against traffic analysis
No, that is not true, and http://www.ieee-security.org/TC/SP2012/papers/4681a332.pdf explains why. Padding makes it difficult but not impossible to distinguish between two HTTPS destinations. 4,300,000 destinations is right out. > since any reliable method to do it would be necessarily robust > against deviation in size.... That's like saying any reliable method to solve satisfiability in polynomial time would be necessarily robust against variations in the number of terms per expression. It's not even wrong. When is the Foundation going to obtain the expertise to protect readers living under regimes which completely forbid HTTPS access to Wikipedia, like China? I suppose I better put that bug about steganography for the surveillance triggers from TOM-Skype in bugzilla. I wish that could have happened before everyone goes to Hong Kong. _______________________________________________ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe>
