The current tmpclient fires ContextMatch and IdentityMatch independently, but the two calls travel with nearly identical timing. A network observer correlating arrival times at the router and identity agent can re-link them even when they're sent in parallel.
Add an optional randomized delay (jitter) on the identity request to decorrelate the two calls. Suggested surface:
WithDecorrelationMax(max time.Duration) Option — upper bound on the delay (default: off, recommend 5ms when enabled)- Delay drawn from
[0, max) via crypto/rand (not math/rand) before sending the identity request
Prior design lived in closed PR #9 (client/ package). That PR used math/rand/v2; we should use crypto/rand for this since it's privacy-adjacent.
Acceptance
The current
tmpclientfiresContextMatchandIdentityMatchindependently, but the two calls travel with nearly identical timing. A network observer correlating arrival times at the router and identity agent can re-link them even when they're sent in parallel.Add an optional randomized delay (jitter) on the identity request to decorrelate the two calls. Suggested surface:
WithDecorrelationMax(max time.Duration) Option— upper bound on the delay (default: off, recommend 5ms when enabled)[0, max)viacrypto/rand(notmath/rand) before sending the identity requestPrior design lived in closed PR #9 (
client/package). That PR usedmath/rand/v2; we should usecrypto/randfor this since it's privacy-adjacent.Acceptance
[0, max)