> On 27 Jun 2017, at 3:25 am, Colm MacCárthaigh <c...@allcosts.net> wrote:
>
> On Sun, Jun 25, 2017 at 11:43 PM, Ilari Liusvaara <ilariliusva...@welho.com>
> wrote:
> I understood that the cache probing attack requires far fewer replays
> than the other side-channel ones. And furthermore, distributing the
> replays among zones makes the attack easier (because replay with the
> cached data hot doesn't tell that much).
>
> In practice with real-world HTTP caches, one replay is often sufficient.
> That's because in addition to the faster load time you can look at the cache
> headers (like max-age)

I think you mean Age.

> to pinpoint that it was the replay that put the item in the cache. This would
> work with DNS too, where TTL or RRSET cycling leaks more information in the
> same way.
>
> Using more zones does help, and if the attacker were targeting a busy cache,
> then it can certainly help to weed out the noise and increase the likelihood
> of finding a zone/node where the cache is empty to begin with.

Cheers,

--
Mark Nottingham   https://www.mnot.net/

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls