[tptacek]

What's the specific timing attack you're considering here?

[nialo]

There may not be the traditional byte at a time comparison type timing attack, but maybe this is still vulnerable to timing correlation attacks in the same sense that tor is. That is, Google or someone monitoring Google's network can look at all the messages and see who is talking to whom by matching up timing and encrypted message bodies.

[e12e]

I'm guessing: I send a message, you receive a message -> possible to infer (with some confidence) that I messaged you?

(I don't know if that would be feasible, but I suppose that's what avn2109 meant).

[ie: not a timing attack, but traffic analysis]

[avn2109]

Good point. I did indeed mean traffic analysis, not "timing attack."