Summary here, which links to the original paper:
http://www.freedom-to-tinker.com/blog/felten/side-channel-leaks-web-applications
One possible mitigation is to add cover traffic in the form of padding
so that the information is obscured.
To that end, I hacked out a middleware. I'd like to get some feedback
(testing, suggestions for improvement, etc) from the list.
http://www.djangosnippets.org/snippets/1970/
Once it isn't broken in obvious ways, maybe we can have a security
expert get further feedback and add to core?