Gemini privacy
Stephane Bortzmeyer
stephane at sources.org
Tue Mar 9 07:48:31 GMT 2021
On Mon, Mar 08, 2021 at 09:59:53PM +0000, Phil Leblanc <philanc at gmail.com> wrote a message of 64 lines which said:
> Now Nathan looks at Alice's encrypted traffic with Bob's
> server. Just looking at the response sizes, Nathan knows what
> file(s) Alice has accessed and their content (collected during the
> indexing phase). No crypto, no MITM involved.
This attack is well known and, for HTTP, documented in many
articles. A general view of the problem and of countermeasures is
"Peek-a-Boo, I Still See You: Why Efficient Traffic Analysis
Countermeasures Fail"
<https://cise.ufl.edu/~teshrim/tmAnotherLook.pdf>.
> What countermeasures could we propose? I can think of a few more or
> less practical approaches:
4. The client could obfuscate the traffic with many gratuitous
requests. See the excellent book "Obfuscation"
<https://mitpress.mit.edu/books/obfuscation>.
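
Added example, not part of the original message: a capsule operator can measure how exposed their own content is to the size-based identification discussed above by grouping documents into sets an observer cannot tell apart by response size. The sample sizes are constructed, and padding to a multiple of `block` is an assumption introduced here for comparison, not a countermeasure named in this post.

```python
from collections import defaultdict

# Constructed sample: path -> response body size in bytes (not real data).
CAPSULE = {
    "/index.gmi": 412,
    "/about.gmi": 1290,
    "/log/2021-03-01.gmi": 2048,
    "/log/2021-03-05.gmi": 2048,
    "/essay.gmi": 7731,
    "/photo.jpg": 48211,
}


def observed_size(size, block=1):
    """Size seen on the wire if bodies are padded up to a multiple of `block`.

    block=1 means no padding (assumed padding scheme, see lead-in).
    """
    blocks = max(1, -(-size // block))  # integer ceiling, at least one block
    return blocks * block


def anonymity_sets(capsule, block=1):
    """Group paths that an observer cannot distinguish by size alone."""
    sets = defaultdict(list)
    for path, size in capsule.items():
        sets[observed_size(size, block)].append(path)
    return dict(sets)


def uniquely_identifiable(capsule, block=1):
    """Paths whose observed size matches no other path on the capsule."""
    return sorted(
        path
        for paths in anonymity_sets(capsule, block).values()
        if len(paths) == 1
        for path in paths
    )


def padding_overhead(capsule, block):
    """Extra bytes sent because of padding, as a fraction of the raw total."""
    raw = sum(capsule.values())
    padded = sum(observed_size(size, block) for size in capsule.values())
    return (padded - raw) / raw
```

On this sample, padding to 8192-byte blocks still leaves the largest file in a set of one while adding roughly 46% more bytes, which is the kind of cost/benefit trade-off the cited paper examines.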