I think that yes, it would be helpful to mention that an object name must already be known in order to use this attack.
Also, the object's account must have a TempURL key set (X-Account-Meta-Temp-URL-Key or X-Account-Meta-Temp-URL-Key-2) in order for this to work; without that, there are no valid signatures at all, so no amount of timing analysis will help.
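
A small model of the validation side of this comment, added here as an illustration and not Swift's own code: with no TempURL key on the account there is no expected signature to compare against, and where keys exist the comparison is done in constant time. The HMAC-SHA1 body (method, expiry, path) follows the documented TempURL scheme; the function names, key and path are constructed for the example.

```python
import hmac
from hashlib import sha1


def tempurl_signature(key: bytes, method: str, expires: int, path: str) -> str:
    """HMAC-SHA1 over 'METHOD\\nEXPIRES\\nPATH', hex-encoded."""
    body = f"{method}\n{expires}\n{path}".encode()
    return hmac.new(key, body, sha1).hexdigest()


def expected_signatures(account_keys, method, expires, path):
    """One expected signature per key that is set on the account
    (Temp-URL-Key and Temp-URL-Key-2). Unset keys contribute nothing."""
    return [tempurl_signature(k, method, expires, path)
            for k in account_keys if k]


def is_valid_tempurl(account_keys, method, expires, path, supplied_sig, now):
    """Return True only if supplied_sig matches a signature derived from a
    key that is set on the account and the URL has not expired."""
    if expires < now:
        return False
    supplied = supplied_sig.encode()
    valid = False
    # With no keys set the list is empty: nothing is compared, nothing can match.
    for expected in expected_signatures(account_keys, method, expires, path):
        # compare_digest does not stop at the first differing byte, so response
        # time does not reveal how much of the signature was correct. Every
        # candidate is checked (no early exit) to keep the work uniform.
        if hmac.compare_digest(expected.encode(), supplied):
            valid = True
    return valid


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    path = "/v1/AUTH_demo/container/object"
    key = b"constructed-demo-key"
    sig = tempurl_signature(key, "GET", 2000, path)
    print(is_valid_tempurl([key, None], "GET", 2000, path, sig, now=1000))
    print(is_valid_tempurl([None, None], "GET", 2000, path, sig, now=1000))
```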