
Implementation

The weakness I found in Chaffing and Winnowing becomes exploitable as soon as there is a protocol mechanism that reacts to missing packets. If you are developing an implementation of Chaffing and Winnowing, you should ask yourself: how does the system react when packets are missing? If it just ignores the missing packets, some data may be missing, but you are not directly vulnerable to the attack. (But please think about the protocol the "user" is "running": what will the user do when he notices that the message is incomplete? Will he re-request it?) If you simply re-request the missing packets, you are vulnerable. And if you re-request the packets but prevent the attack, then you don't miss anything, and the system is secure (against this man-in-the-middle attack).
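The question above can be turned into a self-test for an implementation. The following is an added example, not code from this paper: it checks whether a receiver's visible reaction to a withheld packet depends on whether that packet was wheat. It assumes the two-packets-per-serial layout of Rivest's scheme; all function and policy names are hypothetical, and `rerequest_any_gap` is one illustrative policy, not necessarily the countermeasure described in the previous section.

```python
import hashlib
import hmac
import os

KEY = os.urandom(32)  # constructed shared MAC key for the demo

def mac(key, serial, bit):
    return hmac.new(key, f"{serial}:{bit}".encode(), hashlib.sha256).digest()

def chaff_stream(bits, key):
    """Per serial: one wheat packet (valid MAC) and one chaff packet (random MAC)."""
    out = []
    for serial, bit in enumerate(bits):
        out.append((serial, bit, mac(key, serial, bit)))   # wheat
        out.append((serial, 1 - bit, os.urandom(32)))      # chaff
    return out

def receiver_rerequests(packets, key, n_serials, policy):
    """Return the serials the receiver asks for again (visible on the wire)."""
    seen = {s: 0 for s in range(n_serials)}
    wheat = set()
    for serial, bit, tag in packets:
        seen[serial] += 1
        if hmac.compare_digest(tag, mac(key, serial, bit)):
            wheat.add(serial)
    if policy == "ignore":                   # missing data is silently dropped
        return set()
    if policy == "rerequest_missing_wheat":  # reacts only when wheat is missing
        return {s for s in seen if s not in wheat}
    if policy == "rerequest_any_gap":        # reacts to any missing packet (assumed policy)
        return {s for s in seen if seen[s] < 2}
    raise ValueError(policy)

def reaction_depends_on_wheat(policy, bits=(1, 0, 1, 1, 0)):
    """Withhold each packet in turn; report whether the reaction differs
    between withheld wheat and withheld chaff (constructed sample bits)."""
    stream = chaff_stream(bits, KEY)
    reactions = {True: set(), False: set()}
    for i, (serial, bit, _tag) in enumerate(stream):
        delivered = stream[:i] + stream[i + 1:]
        asked = receiver_rerequests(delivered, KEY, len(bits), policy)
        reactions[bit == bits[serial]].add(serial in asked)
    return reactions[True] != reactions[False]

if __name__ == "__main__":
    for p in ("ignore", "rerequest_missing_wheat", "rerequest_any_gap"):
        print(p, "-> reaction reveals wheat:", reaction_depends_on_wheat(p))
```

A policy for which `reaction_depends_on_wheat` returns `True` gives an observer on the path a signal that separates wheat from chaff; the check does not cover what the human user does after noticing an incomplete message.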



Philipp Gühring
2000-01-02