On 22.08.2013 17:38, Ralph J.Mayer wrote:
> It may help to obfuscate his communications a bit. But as soon as an attacker
> is able to do statistics or capture traffic at any point of the communication
> he is lost.

This is certainly not true for a network of sufficiently large servers. I doubt, for example, that you can do useful traffic analysis on the s2s in/out of jabber.org or any other server that large. And in such a case it is a huge difference whether s2s+c2s are encrypted or not.

Additionally, to run timing attacks, the attacker needs not only /one/ edge in the network, but at least two edges to capture traffic (at least if you want to prove not only that communication is going on, but also who communicates with whom). And these edges in the network would have to be sufficiently small (e.g. end-user nodes or small xmpp servers). And even then it is not possible for the adversary to distinguish between IQ and Message contents. A file transfer would probably be obvious though.

Of course, s2s+c2s encryption cannot replace end-to-end crypto for the users, if only because you should not trust your hosting provider or your xmpp server provider to be honest and not sniff all your traffic and forward it to the NSA.

jw
