Re: [openpgp] Disabling compression in OpenPGP

Peter Todd <pete@petertodd.org> Wed, 19 March 2014 20:40 UTC

Return-Path: <pete@petertodd.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 86EB01A07FF for <openpgp@ietfa.amsl.com>; Wed, 19 Mar 2014 13:40:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.099
X-Spam-Level:
X-Spam-Status: No, score=0.099 tagged_above=-999 required=5 tests=[BAYES_50=0.8, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lO_yrLkl7zvs for <openpgp@ietfa.amsl.com>; Wed, 19 Mar 2014 13:40:41 -0700 (PDT)
Received: from outmail149095.authsmtp.com (outmail149095.authsmtp.com [62.13.149.95]) by ietfa.amsl.com (Postfix) with ESMTP id 919871A0803 for <openpgp@ietf.org>; Wed, 19 Mar 2014 13:40:41 -0700 (PDT)
Received: from mail-c237.authsmtp.com (mail-c237.authsmtp.com [62.13.128.237]) by punt15.authsmtp.com (8.14.2/8.14.2/) with ESMTP id s2JKeUW3090938; Wed, 19 Mar 2014 20:40:30 GMT
Received: from savin (76-10-178-109.dsl.teksavvy.com [76.10.178.109]) (authenticated bits=128) by mail.authsmtp.com (8.14.2/8.14.2/) with ESMTP id s2JKePor060984 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Wed, 19 Mar 2014 20:40:27 GMT
Date: Wed, 19 Mar 2014 16:40:47 -0400
From: Peter Todd <pete@petertodd.org>
To: Jon Callas <jon@callas.org>
Message-ID: <20140319204047.GC30999@savin>
References: <CALR0uiJG6GcngWMUkg6NrP7_4uwf8+QDn6aMF-qonOpRMLdo3w@mail.gmail.com> <95BD0817-D762-41DD-8444-A0C4F7AF1003@jabberwocky.com> <CALR0uiL0-Xp8E=F3idtzBkmRNLk7K_M_cqMt+i2HdNqaNkwn=w@mail.gmail.com> <849778F8-1C16-4FF8-A039-6363C158BD1F@callas.org>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="Clx92ZfkiYIKRjnr"
Content-Disposition: inline
In-Reply-To: <849778F8-1C16-4FF8-A039-6363C158BD1F@callas.org>
User-Agent: Mutt/1.5.21 (2010-09-15)
X-Server-Quench: b4b415f6-afa6-11e3-94fa-002590a135d3
X-AuthReport-Spam: If SPAM / abuse - report it at: http://www.authsmtp.com/abuse
X-AuthRoute: OCd2Yg0TA1ZNQRgX IjsJECJaVQIpKltL GxAVKBZePFsRUQkR bgdMdwsUFVQGAgsB AmIbWVReVF17W2s7 bAxPbAVDY01GQQRq WVdMSlVNFUsrA2Z6 U35BEBl0dwxOfDBx YUFnWz4JWBZ+dEMr RFMFQzwAeGZhPWMC WUQOJh5UcAFPdx8U a1N6AHBDAzANdhE/ BwI1Jz8pCH1zKT9c SAUMK11aSkEOBiQx XAsDGjNnHEtNYD0+ KSQJEjYB
X-Authentic-SMTP: 61633532353630.1024:706
X-AuthFastPath: 0 (Was 255)
X-AuthSMTP-Origin: 76.10.178.109/587
X-AuthVirus-Status: No virus detected - but ensure you scan with your own anti-virus system.
Archived-At: http://mailarchive.ietf.org/arch/msg/openpgp/7hTCGVtx8RY3uJ_TVilv5dGmMF8
Cc: David Shaw <dshaw@jabberwocky.com>, openpgp@ietf.org, Alfredo Pironti <alfredo.pironti@inria.fr>
Subject: Re: [openpgp] Disabling compression in OpenPGP
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Mar 2014 20:40:43 -0000

On Wed, Mar 19, 2014 at 09:43:07AM -0700, Jon Callas wrote:
> > 
> > In general, I see two patterns:
> > - Compression incidentally thwarts some attacks
> > - Compression fundamentally breaks privacy by leaking plaintext entropy (see the Wikimedia Foundation case for a quite convincing example)
> 
> 
> In general, compression does the opposite of your second bullet. It *protects* privacy by taking things that are typically not pseudo-random (what you're calling entropic) -- e.g. text -- into something that is highly pseudo-random.

That's the job of encryption, and modern encryption does that job very
well.

I strongly support turning off compression by default. That the length
of the data being encrypted is leaked is pretty easy for a non-advanced
user to figure out - just compare the encrypted and unencrypted file
lengths, or for that matter, just think about it rationally. But the
fact that information on the contents of the file is being leaked too -
exactly what encryption is supposed to prevent - is not at all obvious.

-- 
'peter'[:-1]@petertodd.org
0000000000000000bb8e8e215734f2855ab6da93a8e1caf12392231696f01f83