<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	
	>
<channel>
	<title>
	Comments on: Lazy Reading for 2018/02/25	</title>
	<atom:link href="https://www.dragonflydigest.com/2018/02/25/lazy-reading-for-2018-02-25/feed/" rel="self" type="application/rss+xml" />
	<link>https://www.dragonflydigest.com/2018/02/25/lazy-reading-for-2018-02-25/</link>
	<description>A running description of activity related to DragonFly BSD.</description>
	<lastBuildDate>Sun, 25 Feb 2018 23:06:09 +0000</lastBuildDate>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=7.0</generator>
	<item>
		<title>
		By: C		</title>
		<link>https://www.dragonflydigest.com/2018/02/25/lazy-reading-for-2018-02-25/comment-page-1/#comment-487212</link>

		<dc:creator><![CDATA[C]]></dc:creator>
		<pubDate>Sun, 25 Feb 2018 23:06:09 +0000</pubDate>
		<guid isPermaLink="false">https://www.dragonflydigest.com/?p=20882#comment-487212</guid>

					<description><![CDATA[&#062; but it doesn’t take into account the metadata leakage that https would prevent.

HTTPS doesn&#039;t really protect any metadata.  Package sizes are easily correlated with flow sizes.   The linked article covers this:  &quot;HTTPS does not provide meaningful privacy for obtaining packages. As an eavesdropper can usually see which hosts you are contacting ... even over an encrypted connection it is not difficult to figure out which files you are downloading based on the size of the transfer.&quot;]]></description>
			<content:encoded><![CDATA[<p>&gt; but it doesn’t take into account the metadata leakage that https would prevent.</p>
<p>HTTPS doesn&#8217;t really protect any metadata.  Package sizes are easily correlated with flow sizes.   The linked article covers this:  &#8220;HTTPS does not provide meaningful privacy for obtaining packages. As an eavesdropper can usually see which hosts you are contacting &#8230; even over an encrypted connection it is not difficult to figure out which files you are downloading based on the size of the transfer.&#8221;</p>
]]></content:encoded>
		
			</item>
	</channel>
</rss>
