
Comment by patrickmcmanus

11 years ago

> If it's public static content, what is SSL protecting?

https:// helps protect the act of participation and deters the building of dossiers.

It's the difference between the books in the library and the list of books in the library you have read.

Since SSL doesn't hide the length of the encrypted document, an attacker can make a good guess as to what public static content is being read.

  • Out of curiosity, does keeping connections alive help at all with this? Would an effective defense be embedding variable-length chunks of nonce in each header?
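An added example, not part of any comment above: a small model of the length side channel raised in this thread, comparing how many pages stay consistent with an observed ciphertext length under no padding, random padding, and padding to fixed buckets. The catalogue, page names, sizes and the constant `OVERHEAD` are constructed assumptions; real TLS overhead varies with cipher suite and record count.

```python
from functools import reduce

# Constructed catalogue of public static pages -> plaintext size in bytes.
CATALOGUE = {
    "/books/a": 18_204, "/books/b": 18_950, "/books/c": 19_001,
    "/books/d": 42_777, "/books/e": 43_100, "/books/f": 97_312,
}
OVERHEAD = 29  # assumed constant encryption overhead per response (model only)


def on_wire(size, pad=0, bucket=None):
    """Ciphertext length an observer sees for one response."""
    if bucket:  # pad plaintext up to the next multiple of `bucket`
        size = -(-size // bucket) * bucket
    return size + pad + OVERHEAD


def candidates(observed, max_pad=0, bucket=None):
    """Pages consistent with one observed length under the given padding scheme."""
    if bucket:
        return {p for p, s in CATALOGUE.items()
                if on_wire(s, bucket=bucket) == observed}
    plain = observed - OVERHEAD
    return {p for p, s in CATALOGUE.items() if s <= plain <= s + max_pad}


def candidates_over_time(observations, max_pad):
    """Random padding: each repeat visit narrows the set by intersection."""
    return reduce(set.intersection,
                  (candidates(o, max_pad=max_pad) for o in observations))
```

In this model, random padding widens the candidate set for a single request but the set shrinks again as the same page is fetched repeatedly, while bucket padding keeps the set stable and still leaves a page with an unusual size alone in its bucket.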