John S. Denker writes: > More specifically, anybody who thinks the scheme > I described is vulnerable to a timing attack isn't > paying attention. I addressed this point several > times in my original note. All transmissions > adhere to a schedule -- independent of the amount, > timing, meaning, and other characteristics of the > payload. > > And this does not require wide-area synchronization. > If incoming packets are delayed or lost, outgoing > packets may have to include nulls (i.e. cover traffic).
Suppose you are engaged in a video conference with another party via an anonymous real-time communications network. Don't you agree that you cannot remain anonymous to that party, if they have the power to insert arbitrary delays into communication links? How could you prevent frame dropouts when she delays your link into the anonymizing cloud? You can insert nulls, or get the cloud to do it for you, but it will be obvious to the recipient that your video has stopped. This again demonstrates that you cannot remain anonymous with realtime communication against an adversary who can corrupt selected endpoints and who can insert traffic delays. If you disagree, explain how you will counter this attack. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]