On Mon, Jun 1, 2015 at 4:15 PM, Brian E Carpenter <brian.e.carpenter@xxxxxxxxx> wrote:
Hi,
I think this is reasonable. However, it seems necessary to qualify it
by pointing out that users of HTTPS remain exposed to traffic analysis
(e.g. see https://arxiv.org/pdf/1403.0297).
Agreed.
But I would add a note to say that blocking traffic analysis is something that requires link layer encryption. I don't think we can do much to prevent that type of attack in IETF but we could stir IEEE to do something useful.