Martin Rex <m...@sap.com> writes: >There is a concept called "provable correctness",
The problem with provable whatever is that it merely proves that, as far as the provers can tell, the thing they're dealing with conforms to some abstract model. I don't think you can prove much about whatever hiding the ContentType is supposed to achieve because there's no model for it that says, for example, "for an attacker with these capabilities, under these conditions, the following security guarantees are provided". However, we do have a pile of empirical data showing that pretty much any seems-like-a-good-idea traffic-hiding really only works until the moment someone tries to attack it. The best reference for this is "Peek-a-Boo, I Still See You: Why Efficient Traffic Analysis Countermeasures Fail" by Dyer et al. So at the moment I'd say that if there's some measure that's completely free (no downsides for anything else) then you may as well apply it because it can't make things any worse, but not to say "let's do X because it seems like a good idea" when it has no empirically-demonstrable benefit but lots of drawbacks. And it's the "empirically-demonstrable" that's important, Peek-a-Boo is chock full of examples of things that seemed like a good idea but that don't actually provide much, if any, benefit, while at the same time introducing all sorts of downsides. Peter. _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
