On 2015-11-28 19:58, Watson Ladd wrote:
> I think the above analysis is wrong. Consider a service written in Go using the built-in TLS library. Then the number and sizes of writes are visible to an attacker, which can reveal information about which branches were taken and the data sent. That's not because the total size of the response necessarily changes, but the sequence of writes taken to get there.
I am not familiar with the internals of that implementation, but if the individual writes are immediately TLS encrypted and sent over the network, the timing of the TCP/IP data will likely leak a lot of information about the number and sizes of writes as well.
It doesn't seem like a perfect design choice to use encryption to hide information that will leak with non-negligible probability anyway.
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
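The write-pattern leak discussed in this exchange, as an added illustration in Go (not Go's crypto/tls and not code from either poster): wireTap, respond, coalescedRespond and RecordPattern are hypothetical names, and the model assumes, as the thread does, that each Write() call becomes one TLS record whose length is visible on the wire. Both branches return the same total number of bytes, so only the record sequence distinguishes them; buffering the response into a single write removes that signal and the per-write timing with it.

```go
package main

import (
	"bytes"
	"fmt"
	"io"
)

// wireTap models a passive observer of a TLS connection whose library turns each
// Write() into one record: it learns every record length, in order, but no plaintext.
type wireTap struct{ recordLens []int }
func (t *wireTap) Write(p []byte) (int, error) {
	t.recordLens = append(t.recordLens, len(p))
	return len(p), nil
}
// respond is a hypothetical handler. Both branches send exactly 40 bytes, so the
// total hides the branch, but the cached path uses one write and the other three.
func respond(w io.Writer, cached bool) {
	if cached {
		w.Write([]byte("HTTP/1.1 200 OK\r\n\r\npayload-payload-data!")) // 40 bytes
		return
	}
	w.Write([]byte("HTTP/1.1 200 OK\r\n"))   // 17 bytes
	w.Write([]byte("\r\n"))                  //  2 bytes
	w.Write([]byte("payload-payload-data!")) // 21 bytes
}

// coalescedRespond buffers the handler's output and flushes it in one write, so the
// record count and inter-write timing no longer depend on the branch. It does not
// equalise total length; hiding that would still need padding to a fixed size.
func coalescedRespond(w io.Writer, cached bool) {
	var buf bytes.Buffer
	respond(&buf, cached)
	w.Write(buf.Bytes())
}
// RecordPattern returns what the observer sees: the record lengths, in order.
func RecordPattern(cached, coalesce bool) []int {
	tap := &wireTap{}
	if coalesce {
		coalescedRespond(tap, cached)
	} else {
		respond(tap, cached)
	}
	return tap.recordLens
}

func main() {
	fmt.Println(RecordPattern(true, false), RecordPattern(false, false)) // [40] [17 2 21]
	fmt.Println(RecordPattern(true, true), RecordPattern(false, true))   // [40] [40]
}
```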