[Cryptography] traffic analysis -> let's write an RFC?

[grarpamp]

On Thu, Jan 29, 2015 at 7:01 AM, Jerry Leichter <leichter at lrw.com> wrote:
> Encryption at multiple
> layers in the stack is part of the solution, but is insufficient on its on
> to protect against traffic analysis.  We need new ideas here.

> We need new ideas here.

Filling unused bandwidth with chaff while encrypting links as
possible solution for passive analysis isn't new. Perhaps what is
new is that the adversaries in the papers of old are now actually and
widely present. Thus triggering renewed and demand based interest
and development in such defensive technologies hopefully resulting
in actual and lasting deployments this time.

Ubiquitous deployment wise... regarding any user oriented, controlled,
owned, and power emplaced security/privacy tech (as opposed to central
hier models) we're already critically 15 years behind the ball there.
Oops, that one cost us dearly. Better get moving.

It's 2015, kickstart an idea kickstarter around this if you need to.
Throw stuff out, see what sticks. It doesn't have to be a grand
scheme. Even bits that hold water and are cheap enough
to do and rip out later. In fact, grand schemes must be very wary
of locking you in for another eon unless you're damn sure
you've got it right, which never happens. Short of locking an
assortment of brilliants in a room, or hoping one crawls out from
under a rock, bits is where it's at as far as I can tell.