On Fri, Jan 17, 2014 at 5:39 PM, Peter Eckersley <[email protected]> wrote:
> Mike has been worrying about the oracle attack where someone measures > performance differences to tell whether someone has visited site X > before, based on whether their HTTPSE instance needs to go to disk to > fetch a ruleset from sqlite. > This is a good point, but it applies equally to testing for cached content or DNS on site X, right? > On the other hand, the SQLite solution should be let us scale not just > to ~10K rulesets but if we're lucky to more like ~100K. This is one of the things I like about it. Also it reduces memory use, which is especially valuable on mobile.
_______________________________________________ HTTPS-Everywhere mailing list [email protected] https://lists.eff.org/mailman/listinfo/https-everywhere
