2026-03-16, 18:03:55 -0700, Jakub Kicinski wrote: > On Tue, 17 Mar 2026 00:53:07 +0000 Wilfred Mallawa wrote: > > > Or maybe you could refer to existing implementations of this feature > > > in user space libs? The padding feature seems slightly nebulous, > > > I wasn't aware of anyone actually using it. Maybe I should ask... > > > are you actually planning to use it, or are you checking a box? > > > > For upcoming WD hardware, we were planning on informing users to use > > this feature if an extra layer of security can benefit their particular > > configuration. But to answer your question, I think this falls more > > into the "checking a box"... > > > > I'm happy to drop this series if there's not much added value from > > having this as an available option for users. > > I'm not much of a security person, and maybe Sabrina will disagree > but I feel like it's going to be hard for us to design this feature > in a sensible way if we don't know at least one potential attack :S
No, same here, that's why I tried to CC some userspace developers on the cover (as well as for awareness of what's going on in the kernel and the API being discussed -- adding them here again). My understanding is that attacks of this type are mainly "observers will figure out what type of traffic I'm doing based on message length", and I feel all those "traffic pattern masking" features are only interesting for very paranoid users. The RFC links to some research, and maybe the kind of statistics/machine learning that those attacks require has improved since, which could make such attacks more realistic? No idea. -- Sabrina
