Re: [Cfrg] possibly dumb question about the opus codec and padding

Jon Callas <jon@callas.org> Wed, 06 June 2012 15:10 UTC

Mime-Version: 1.0 (Apple Message framework v1278)
From: Jon Callas <jon@callas.org>
In-Reply-To: <4FCF6F34.1040302@cs.tcd.ie>
Date: Wed, 06 Jun 2012 08:10:54 -0700
Message-Id: <8B35D1AD-8922-456B-A8BE-1B398F6F1A03@callas.org>
References: <4FCF6F34.1040302@cs.tcd.ie>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
X-Content-PGP-Universal-Saved-Content-Transfer-Encoding: quoted-printable
X-Content-PGP-Universal-Saved-Content-Type: text/plain; charset=us-ascii
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Cc: "cfrg@irtf.org" <cfrg@irtf.org>, Jon Callas <jon@callas.org>
Subject: Re: [Cfrg] possibly dumb question about the opus codec and padding
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Jun 2012 15:10:58 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In my opinion, the best compromise on this would be to change MUST to SHOULD.

The spec as written says you MUST zero-pad, but you MUST accept any padding. That means that a non-compliant implementation is still interoperable, and the MUST pad is just a fig leaf. Be honest with yourself.

There is always a dilemma, because they're right, there's a covert channel. On the other hand, zero-padding creates known plaintext. Pick your poison.

In general, worrying about covert-channels is not worth it. If someone wants to create a covert channel, they can. There are infinite ways to create one, and worrying about it isn't worth the effort. Moreover, if you leave the easy way to create one in, you have an easy way to detect one, too. You can also argue that anyone who wants a covert channel wouldn't use that, because a covert channel has to be -- well, you know, *covert* -- and sticking data in the padding is pretty darned obvious.

Since I brought it up, the known plaintext in the zero-padding isn't a huge leak, either and I wouldn't worry about it. 

Thus, I think the most reasonable thing to do would be to just make the MUST a SHOULD because the MUST-accept pulls all the teeth out of the MUST-pad.

	Jon


-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 3.2.0 (Build 1672)
Charset: us-ascii

wj8DBQFPz3MAsTedWZOD3gYRArV6AKCETR736FriR2EEoJWMjPfUAfai5wCg6BFN
lnbfTECLak7dhRIqZKqWTpw=
=KUJm
-----END PGP SIGNATURE-----

[Cfrg] possibly dumb question about the opus code… Stephen Farrell
Re: [Cfrg] possibly dumb question about the opus … Jon Callas
Re: [Cfrg] possibly dumb question about the opus … Russ Housley
Re: [Cfrg] possibly dumb question about the opus … Scott Fluhrer (sfluhrer)
Re: [Cfrg] possibly dumb question about the opus … Hal Finney
Re: [Cfrg] possibly dumb question about the opus … Stephen Farrell
Re: [Cfrg] possibly dumb question about the opus … Jon Callas
Re: [Cfrg] possibly dumb question about the opus … Stephen Farrell
Re: [Cfrg] possibly dumb question about the opus … David Wagner
Re: [Cfrg] possibly dumb question about the opus … Jon Callas
Re: [Cfrg] possibly dumb question about the opus … Steven Bellovin
Re: [Cfrg] possibly dumb question about the opus … David Wagner
Re: [Cfrg] possibly dumb question about the opus … Stephen Farrell
Re: [Cfrg] possibly dumb question about the opus … David McGrew
Re: [Cfrg] possibly dumb question about the opus … David McGrew
Re: [Cfrg] possibly dumb question about the opus … Steven Bellovin