On Mon, Jun 1, 2015 at 4:15 PM, Brian E Carpenter <
brian(_dot_)e(_dot_)carpenter(_at_)gmail(_dot_)com> wrote:
Hi,
I think this is reasonable. However, it seems necessary to qualify it
by pointing out that users of HTTPS remain exposed to traffic analysis
(e.g. see https://arxiv.org/pdf/1403.0297).
Agreed.
But I would add a note to say that blocking traffic analysis is something
that requires link layer encryption. I don't think we can do much to
prevent that type of attack in IETF but we could stir IEEE to do something
useful.