Re: [openpgp] Disabling compression in OpenPGP

Florian Weimer <fw@deneb.enyo.de> Wed, 19 March 2014 16:56 UTC

Return-Path: <fw@deneb.enyo.de>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 09B6A1A0429 for <openpgp@ietfa.amsl.com>; Wed, 19 Mar 2014 09:56:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_DE=0.35, RP_MATCHES_RCVD=-0.547] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fqFZdGDJlOJ5 for <openpgp@ietfa.amsl.com>; Wed, 19 Mar 2014 09:56:54 -0700 (PDT)
Received: from albireo.enyo.de (albireo.enyo.de [46.237.207.196]) by ietfa.amsl.com (Postfix) with ESMTP id DD8851A040A for <openpgp@ietf.org>; Wed, 19 Mar 2014 09:56:53 -0700 (PDT)
Received: from [172.17.203.2] (helo=deneb.enyo.de) by albireo.enyo.de with esmtps (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128) id 1WQJnI-0002v5-97; Wed, 19 Mar 2014 17:56:44 +0100
Received: from fw by deneb.enyo.de with local (Exim 4.80) (envelope-from <fw@deneb.enyo.de>) id 1WQJnD-0005Mp-Ta; Wed, 19 Mar 2014 17:56:39 +0100
From: Florian Weimer <fw@deneb.enyo.de>
To: Jon Callas <jon@callas.org>
References: <CALR0uiJG6GcngWMUkg6NrP7_4uwf8+QDn6aMF-qonOpRMLdo3w@mail.gmail.com> <95BD0817-D762-41DD-8444-A0C4F7AF1003@jabberwocky.com> <CALR0uiL0-Xp8E=F3idtzBkmRNLk7K_M_cqMt+i2HdNqaNkwn=w@mail.gmail.com> <849778F8-1C16-4FF8-A039-6363C158BD1F@callas.org>
Date: Wed, 19 Mar 2014 17:56:39 +0100
In-Reply-To: <849778F8-1C16-4FF8-A039-6363C158BD1F@callas.org> (Jon Callas's message of "Wed, 19 Mar 2014 09:43:07 -0700")
Message-ID: <874n2uazzs.fsf@mid.deneb.enyo.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Archived-At: http://mailarchive.ietf.org/arch/msg/openpgp/4uJnGxj8A-cL1a7zJjZxoCvlBu8
Cc: David Shaw <dshaw@jabberwocky.com>, openpgp@ietf.org, Alfredo Pironti <alfredo.pironti@inria.fr>
Subject: Re: [openpgp] Disabling compression in OpenPGP
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Mar 2014 16:56:56 -0000

* Jon Callas:

> In specific cases, *flaws* in this conversion when combined with an
> interactive protocol can lead to an attack that is in general, not
> applicable to a non-interactive protocol with large amounts of
> compressed data.

It doesn't have to be interactive (in the sense of chosen-something
attacks).  For example, lossy voice compression tends to produce
length differences for different phonemes.  And the Wikimedia example
wasn't something interactive, either.

> But in general, this benefits the defender, as the attacker has no
> idea what the *actual* plaintext is (the compressed data) unless
> they know the base plaintext is, and small inaccuracies in the
> attackers guess lead to large differences.

But this doesn't matter if the encryption is sound, does it?