And why are you unable to understand that in the case of an additional layer of attacker-generated crypto nestled within a TLS tunnel, as you posited, the ability to simply detect the presence of such an additional layer of unexpected crypto, even without the ability to immediately decrypt it, has substantial value in a security context?
It may, or it may not – depending on the sophistication of your adversary. It is not given that you’d be able to “simply detect the presence of an additional crypto layer”, particularly if measures are taken to hide it.

Are you unfamiliar with the concept of traffic analysis, in the crypto sense of the term? The standard definition of “traffic analysis” is deducing information from the metadata and the patterns of communications. It explicitly does NOT rely on knowing the content of the traffic (which is assumed to be opaque).

You may learn more about it here https://en.wikipedia.org/wiki/Traffic_analysis :)

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls