Bug#1001335:

2021-12-09 Thread Hans-Christoph Steiner
Great to hear that pipelining is already in use! I guess HTTPS plus pipelining could mean that file size is no longer reliably readable for the network observer. I've never profiled TLS and pipelining to know if there are still visible signatures that would let the network observer find the bo

Bug#1001335: apt should use TLSv1.3 Record Padding to obscure file size metadata

2021-12-08 Thread Julian Andres Klode
On Wed, Dec 08, 2021 at 09:44:19PM +0100, Hans-Christoph Steiner wrote: > > Package: apt > Version: 2.3.13 > Severity: wishlist > > apt should pad its TLS connections to obscure the size of the downloaded > files from network observers. Right now, an attacker could build an index > of all packag

Bug#1001335: apt should use TLSv1.3 Record Padding to obscure file size metadata

2021-12-08 Thread Hans-Christoph Steiner
Package: apt Version: 2.3.13 Severity: wishlist apt should pad its TLS connections to obscure the size of the downloaded files from network observers. Right now, an attacker could build an index of all package sizes, then track the size of HTTPS streams to Debian mirrors, and from that, be