On Dec 10, 2012, at 5:54 AM, Johan Pouwelse <[email protected]> wrote:

> Indeed, so beating DPI means altering the majority of packet flow to
> use a camouflage technique?

Perhaps to use multiple such techniques. If everything is encrypted, time-randomized, size-randomized, and TORed, DPI gets a lot harder.

> I've thought years ago about a "state explosion" and "cover traffic" approach.
> So the majority of traffic should be in encrypted form, providing
> cover. How realistic is that unfortunately?

A few years back we thought it unreasonable for a major web site to use https for anything other than the initial sign-on. Now it's the norm for reading email.

> You could possibly overload hardware that operates at wirespeed by
> increasing state. Thus two people communicating over the years should
> preserve state and use that.
> -johan.

That's an interesting idea. Not entirely dissimilar from perfect forward secrecy techniques, as used in ZRTP for example; key-revision state is preserved, so that any MITM substitution that succeeds can be detected.

--
Dean
_______________________________________________
ietf-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ietf-privacy
