On Tue, Nov 27, 2018 at 12:13 PM David Fifield <david@bamsoftware.com> wrote:
On Tue, Nov 27, 2018 at 08:23:21AM -0500, Nick Mathewson wrote:
### Traffic Fingerprinting of TCP-like systems
[...]
This class of attacks is solvable, especially if the exact same TCP-like implementation is used by all clients, but it also requires careful consideration and additional constraints to be placed on the TCP stack(s) in use that are not usually considered by TCP implementations -- particularly to ensure that they do not depend on OS-specific features or try to learn things about their environment over time, across different connections.
Thanks, this is nice and thoughtful analysis.
Is the word "clients" in the last paragraph meant to exclude servers? Or should I understand something like "peers" that includes clients and servers? I'm trying to think of how fingerprinting a server could be useful to an attacker. An onion service doesn't count as a server--at the layer of the TCP-like protocol, it's a client, with the RP as server.
Right. I *think* that only parties that need anonymity need to avoid TCP fingerprinting.
cheers,