Re: [openpgp] Padding packets

Stephen Farrell <stephen.farrell@cs.tcd.ie> Tue, 19 July 2022 12:02 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/CjEs9Cad9H93XKoANwbWQhWjiW8>

I guess we're not yet quite done with this one,
so let's schedule it for discussion at IETF114.

Cheers,
S

On 15/07/2022 11:45, Stephen Farrell wrote:
> 
> Hi Folks,
> 
> I created a gitlab issue for this one. [1] Let's see if
> we've actually got rough consensus on it though...
> 
> If I were to suggest that we've converged onto merge
> request 204 ([2], use zeros for padding, recommend not
> compressing them) would I be wrong? Please correct me
> if so before Tuesday 19th if you can.
> 
> If nobody has a problem with that we can ask the
> editors to try merge [2].
> 
> Thanks,
> Stephen.
> 
> [1] https://gitlab.com/openpgp-wg/rfc4880bis/-/issues/132
> [2] https://gitlab.com/openpgp-wg/rfc4880bis/-/merge_requests/204
> 
> 
> 
> On 15/06/2022 12:29, Werner Koch wrote:
>> Hi!
>>
>> The idea of a padding packet is in general a good idea and has been
>> discussed many times:
>>
>>     5.14.  Padding Packet (Tag 21)
>>
>>     The Padding packet contains random data, and can be used to defend
>>     against traffic analysis (see Section 14.10) on version 2 SEIPD
>>     [...]
>>     Its contents SHOULD be random octets to make the length obfuscation
>>     it provides more robust even when compressed.
>>
>> The problem with random padding packets is that this opens a high
>> capacity channel with all its problems.  Having this in the protocol is
>> a problem because applications taking care not to leak too much
>> information will need to reject such messages and inform the user about
>> a possible problem.
>>
>> Please drop this.  A better mechanism to add padding is by handling this
>> at the MIME layer.  In any case, a well defined pseudo-random generator
>> is required.
>>
>> At this opportunity I checked the Literal Data packet and unfortunately
>> noticed that not only the 'u' has gone but also the 'm' which we
>> introduced to declare MIME content to avoid relying on heuristics.  That
>> these flags are not included in the signed material is not a problem,
>> because they are only hints to the implementation.
>>
>>
>> Salam-Shalom,
>>
>>     Werner
>>
>>
>>
> 
> _______________________________________________
> openpgp mailing list
> openpgp@ietf.org
> https://www.ietf.org/mailman/listinfo/openpgp
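
The trade-off discussed in the quoted messages (zero-filled padding as in merge request 204 versus the random octets of the quoted draft text), as an added example that is not part of the thread or of the draft. It assumes the standard new-format OpenPGP packet header; the function names and the sample plaintext are constructed for illustration.

```python
import os
import zlib

PADDING_TAG = 21  # "Padding Packet (Tag 21)" in the draft text quoted above
# Constructed sample plaintext; not taken from the thread.
MESSAGE = b"Constructed sample: meet at the usual place at nine.\n" * 2


def padding_packet(body: bytes) -> bytes:
    """Wrap body in a new-format OpenPGP packet header with tag 21."""
    n = len(body)
    if n < 192:
        length = bytes([n])
    elif n < 8384:
        length = bytes([((n - 192) >> 8) + 192, (n - 192) & 0xFF])
    else:
        length = b"\xff" + n.to_bytes(4, "big")
    return bytes([0xC0 | PADDING_TAG]) + length + body


def padding_body(packet: bytes) -> bytes:
    """Parse one padding packet and return its body; reject anything else."""
    if len(packet) < 2 or packet[0] != (0xC0 | PADDING_TAG):
        raise ValueError("not a new-format padding packet")
    first = packet[1]
    if first < 192:
        hdr, n = 2, first
    elif first < 224 and len(packet) >= 3:
        hdr, n = 3, ((first - 192) << 8) + packet[2] + 192
    elif first == 255 and len(packet) >= 6:
        hdr, n = 6, int.from_bytes(packet[2:6], "big")
    else:
        raise ValueError("partial or truncated body length")
    if len(packet) != hdr + n:
        raise ValueError("length field does not match packet size")
    return packet[hdr:]


def is_zero_padding(packet: bytes) -> bool:
    """Receiver-side check: an all-zero body leaves no room for hidden data."""
    return not any(padding_body(packet))


def compressed_growth(packet: bytes) -> int:
    """Octets the padding adds to the observable size if it gets compressed."""
    return len(zlib.compress(MESSAGE + packet)) - len(zlib.compress(MESSAGE))


if __name__ == "__main__":
    for name, body in (("zeros", bytes(4096)), ("random", os.urandom(4096))):
        pkt = padding_packet(body)
        print(name, is_zero_padding(pkt), compressed_growth(pkt))
```

Zero padding passes the receiver check but adds almost nothing to the size once compressed, which is why it is paired with a recommendation not to compress it; random padding keeps its size under compression but cannot be told apart from embedded data.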