OK, I'll move this out of the "if you can do a lot of replays" section
On Mon, Jun 26, 2017 at 10:25 AM, Colm MacCárthaigh <[email protected]> wrote: > > > On Sun, Jun 25, 2017 at 11:43 PM, Ilari Liusvaara < > [email protected]> wrote: > >> I understood that the cache probing attack requires much less replays >> than the other side-channel ones. And furthermore, distributing the >> replays among zones makes the attack easier (because replay with the >> cached data hot doesn't tell that much). >> > > In practice with real world HTTP caches, one replay is often sufficient. > That's because in addition to the faster load time you can look at the > cache headers (like max-age) to pinpoint that it was the replay that put > the item in the cache. This would work with DNS too, where TTL or RRSET > cycling leaks more information in the same way. > > Using more zones does help, and if the attacker were targeting a busy > cache, then it can certainly help to weed out the noise and increase the > likelihood of finding a zone/node where the cache is empty to begin with. > > -- > Colm >
_______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
