Well not necessarily. That's the thing. It's not the timing attack that makes data leak for automated/noninteractive tunnels. Well technically there is still some potential leak but the issue is more about if the data being transferred is predictable then you have the plaintext.
So for a contrived example: Say I know a tunnel is transferring a sizeable dataset starting at a specific time before performing some other tasks (say a data sync before doing XYZ). I know when the connection started and I have snooped on the entire connection.
I know the initial handshake and I know the exact plaintext being transferred. That's a lot of information that can be used to grind the keys being used. That then risks that you can extract whatever information that follows after your initial dataset and potentially impersonate a participant and inject your own messages.
It's unlikely to be exploited in practice because it requires a very particular set of circumstances but it's essentially a modern, more expensive version of the attacks used on the enigma machines back in the day. It's unlikely to be exploited on random people but it isn't out of the realm of possibilities for targeted attacks on particularly juicy adversaries or between nation state actors.
So for a contrived example: Say I know a tunnel is transferring a sizeable dataset starting at a specific time before performing some other tasks (say a data sync before doing XYZ). I know when the connection started and I have snooped on the entire connection.
I know the initial handshake and I know the exact plaintext being transferred. That's a lot of information that can be used to grind the keys being used. That then risks that you can extract whatever information that follows after your initial dataset and potentially impersonate a participant and inject your own messages.
It's unlikely to be exploited in practice because it requires a very particular set of circumstances but it's essentially a modern, more expensive version of the attacks used on the enigma machines back in the day. It's unlikely to be exploited on random people but it isn't out of the realm of possibilities for targeted attacks on particularly juicy adversaries or between nation state actors.