- From: James M Snell <jasnell@gmail.com>
- Date: Mon, 4 Feb 2013 21:05:28 -0800
- To: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Received on Tuesday, 5 February 2013 05:06:15 UTC
Certainly worth a read and relevant to the http/2 work...

http://www.isg.rhul.ac.uk/tls/TLStiming.pdf

This is certainly an interesting approach to attacking TLS that is based fundamentally on the amount of time it takes to process specific CBC ciphertext blocks. There are some definite practical limitations to the approach that limit its effectiveness, but it ought to inform us as to various traps we need to avoid in other areas.

For instance, while reading this I could not help but wonder if the processing timing associated with the various compression algorithms could not be used to a similar effect... particularly as a means of determining what data might already have been stored in the context. It's something to at least keep in mind moving forward.