On Sep 13, 2013, at 3:57 AM, Jacob Appelbaum <[email protected]> wrote: >> > I think this is a reasonable read but I'd like to encourage dissent > here. Time is a very important part of almost all cryptographic > protocols - if an attacker is able to distinguish queries about time > from other queries, it allows the attacker to discriminate and thus to > tamper with time related protocols. This is especially true when the > system in question may not have a properly sync'ed clock.
I concur. Unless you have a VERY hard reason NOT to encrypt, then encrypt. Even if it does nothing for you, it helps mask other encrypted traffic. -- Dean
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
