> The standard definition of “traffic analysis” is deducing
> information from the metadata and the patterns of communications. It
> explicitly does NOT rely on knowing the content of the traffic (which
> is assumed to be opaque).

That's what I was trying to get across - that uncovering an unexpected layer of encryption, even without the ability to decrypt it, is very useful in a security context. Sorry for being unclear!

You were perfectly clear. Apparently I was not clear enough explaining that the likelihood of being able to determine the presence of an unexpected layer of encryption is becoming increasingly slim, as all the bars (no pun intended :) keep rising. Organized crime capabilities are reaching the level of nation states, ankle biters reach up to where the organized crime was yesterday… Betting on malefactors to stay silly (send their traffic over TLS that complies with your monitoring, doing the extra work to add super-encryption but forgetting to obfuscate it, etc.) is not a safe or reasonable bet. Certainly not worth it, considering the risks that all the legitimate users will be subjected to by this feature.
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls