[Wikimedia-l] Disinformation regarding perfect forward secrecy for HTTPS

James Salsman jsalsman at gmail.com
Sat Aug 3 00:15:25 UTC 2013


>... random padding without (at least) pipelining and
> placards *is* worthless to protect against traffic analysis

No, that is not true, and
http://www.ieee-security.org/TC/SP2012/papers/4681a332.pdf
explains why. Padding makes it difficult but not impossible to distinguish
between two HTTPS destinations. 4,300,000 destinations is right out.

> since any reliable method to do it would be necessarily robust
> against deviation in size....

That's like saying any reliable method to solve satisfiability in
polynomial time would be necessarily robust against variations in the
number of terms per expression. It's not even wrong.

When is the Foundation going to obtain the expertise to protect readers
living under regimes which completely forbid HTTPS access to Wikipedia,
like China? I suppose I better put that bug about steganography for the
surveillance triggers from TOM-Skype in bugzilla. I wish that could have
happened before everyone goes to Hong Kong.

