[Cryptography] IAB Statement on Internet Confidentiality

Stephen Farrell stephen.farrell at cs.tcd.ie
Tue Nov 18 05:06:26 EST 2014

On 17/11/14 20:59, Andreas Briese wrote:
>> > 
>> > For example, traffic to https://firstlook.org/theintercept/
>> > is encrypted, but even a passive observer can tell
>> > what articles I've read, just by looking at the file
>> > sizes.
>> > 
> Do’nt know, if the example is valid here, since encryption says nothing
> about traffic size. The interesting equation would be, if your IP
> calling the site will be protected by standard or not, and if all nodes
> between you and the site need to know about you calling for an article.

Both HTTP/2 and TLS1.3 are looking at including traffic
padding mechanisms. I've not checked the latest drafts
for those but I think they should allow implementations
in future to do better at this issue.


More information about the cryptography mailing list