From 5528af0524e4637caa5545d1f57e7b31e37495ea Mon Sep 17 00:00:00 2001
From: david-sarah <david-sarah@jacaranda.org>
Date: Sun, 24 Oct 2010 16:42:59 -0700
Subject: [PATCH] docs/known_issues.rst: Add section on traffic analysis. Fix
 URL for current version of file.

---
 docs/known_issues.rst | 29 ++++++++++++++++++++++++++++-
 1 file changed, 28 insertions(+), 1 deletion(-)

diff --git a/docs/known_issues.rst b/docs/known_issues.rst
index 58be6ab9..515624f3 100644
--- a/docs/known_issues.rst
+++ b/docs/known_issues.rst
@@ -17,7 +17,7 @@ Overview
 Below is a list of known issues in recent releases of Tahoe-LAFS, and how to
 manage them.  The current version of this file can be found at
 
-http://tahoe-lafs.org/source/tahoe-lafs/trunk/docs/known_issues.txt
+http://tahoe-lafs.org/source/tahoe-lafs/trunk/docs/known_issues.rst
 
 If you've been using Tahoe-LAFS since v1.1 (released 2008-06-11) or if you're
 just curious about what sort of mistakes we've made in the past, then you might
@@ -200,3 +200,30 @@ Known issues in the FTP and SFTP frontends
 
 These are documented in docs/frontends/FTP-and-SFTP.txt and at
 <http://tahoe-lafs.org/trac/tahoe-lafs/wiki/SftpFrontend>.
+
+
+Traffic analysis based on sizes of files/directories, storage indices, and timing
+---------------------------------------------------------------------------------
+
+Files and directories stored by Tahoe-LAFS are encrypted, but the ciphertext
+reveals the exact size of the original file or directory representation.
+This information is available to passive eavesdroppers and to server operators.
+
+For example, a large data set with known file sizes could probably be
+identified with a high degree of confidence.
+
+Uploads and downloads of the same file or directory can be linked by server
+operators, even without making assumptions based on file size. Anyone who
+knows the introducer furl for a grid may be able to act as a server operator.
+This implies that if such an attacker knows which file/directory is being
+accessed in a particular request (by some other form of surveillance, say),
+then they can identify later or earlier accesses of the same file/directory.
+
+Observing requests during a directory traversal (such as a deep-check
+operation) could reveal information about the directory structure, i.e.
+which files and subdirectories are linked from a given directory.
+
+Attackers can combine the above information with inferences based on timing
+correlations. For instance, two files that are accessed close together in
+time are likely to be related even if they are not linked in the directory
+structure. Also, users that access the same files may be related to each other.
-- 
2.45.2