
Re: client-side signature checking of Debian archives (Re: When should we https our mirrors?)



On Fri, 11 Nov 2016, Christoph Biedl wrote:
> a proof of concept for all this (I can resist, though). The apt programs
> could obfuscate their request behaviour, the TLS layer could add random
> padding of data and time, but I doubt this would help much.

AFAIK, the TLS layer *does* bit-stuffing and random padding, but it
cannot do that to the point it would help the problem at hand, and still
be usable.

Bitstuffing TLS to the point it could (maybe) deal with the Debian
archive is the wrong solution for the problem anyway, so I won't expand
on this.

-- 
  Henrique Holschuh

