----- Original Message ----- From: "Stephen Farrell" <stephen.farrell@xxxxxxxxx> To: "Stefan Winter" <stefan.winter@xxxxxxxxxx>; <ietf@xxxxxxxx> Sent: Friday, December 06, 2013 11:58 AM > > On 12/06/2013 10:15 AM, Stefan Winter wrote: > > The TV manufacturer could have used it - they were simply stupid > > enough to forget about it. > > I think in that case, the person who spotted the issue would > also have considered it odd if ciphertext continued to be > emitted after they had clicked the "don't send" button. > The person who spotted the issue did click "don't send" and the messages continued to be sent (according to the reports). Which is, after all, exactly what you would expect to see with good security - don't give the other parties an opportunity to use traffic analysis to determine what is going on. Tom Petch > S.