What about the random length padding as defined in TLS?
Rene
> Here I send to you a draft of the protocol, but there are a
> lot of work
> to do yet.
> Numbers and lengths are drafts too.
>
> Gabriel.
>
> Ben Laurie wrote:
> >
> > Gabriel Belingueres wrote:
> > >
> > > Hi,
> > >
> > > Talking in the sci.crypt newsgroup, I did have an
> > > idea about how to do the Web more secure against traffic
> analysis. The
> > > idea come from a paper I been reading ("Analysis of the SSL 3.0
> > > protocol" by B. Schneier and D. Wagner). They describe
> how an attacker
> > > can guess the pages you have been accessed by looking the
> lengths of the
> > > SSL messages exchanged in the HTTPS's requests and replys.
> > > The idea I was thinking is to add a tiny protocol between
> HTTP and SSL,
> > > to break the 1-to-1 mapping between HTTP and SSL
> messages. The mapping
> > > now would be in a random way.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
