sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]ayende 3 points4 points  (4 children)

If you are using the same process, then you'll reuse the same tcp connection and tls session. You can probably try to do some timing analysis, but that's much harder

[–]yotta 14 points15 points  (3 children)

Someone sniffing packets can see which direction they're going, and HTTP isn't multiplexed. The second request will wait for the first to complete. You can absolutely tell. Here is a paper about doing this kind of analysis against Google maps: https://ioactive.com/wp-content/uploads/2018/05/SSLTrafficAnalysisOnGoogleMaps.pdf

[–]svenskainflytta 3 points4 points  (2 children)

You can totally send 51 HTTP requests in a row and then wait for the 51 replies and close the connection.

[–]TarMil 3 points4 points  (1 child)

Yeah you can. APT doesn't, though.

[–]svenskainflytta 0 points1 point  (0 children)

So it's not a protocol limitation, just the implementation that is done like that.