Re: Anybody know details about Schneier's "flaw"?
Rodney Thayer <rodney@tillerman.to> Wed, 14 August 2002 16:40 UTC
Received: from above.proper.com (mail.proper.com [208.184.76.45]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA16148 for <openpgp-archive@lists.ietf.org>; Wed, 14 Aug 2002 12:40:56 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g7EGYQT28207 for ietf-openpgp-bks; Wed, 14 Aug 2002 09:34:26 -0700 (PDT)
Received: from yancey.pkiclue.com ([209.172.115.117]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g7EGYOw28200 for <ietf-openpgp@imc.org>; Wed, 14 Aug 2002 09:34:24 -0700 (PDT)
Received: from ferg237.pkiclue.com (IDENT:root@[127.0.0.1]) by yancey.pkiclue.com (8.9.3/8.9.3) with ESMTP id JAA10802 for <ietf-openpgp@imc.org>; Wed, 14 Aug 2002 09:33:59 -0700
Message-Id: <5.1.1.6.2.20020814093305.01451338@127.0.0.1>
X-Sender: pkiclue@127.0.0.1
X-Mailer: QUALCOMM Windows Eudora Version 5.1.1
Date: Wed, 14 Aug 2002 09:34:03 -0700
To: ietf-openpgp@imc.org
From: Rodney Thayer <rodney@tillerman.to>
Subject: Re: Anybody know details about Schneier's "flaw"?
In-Reply-To: <sjmn0rpwl3m.fsf@kikki.mit.edu>
References: <OF94CAB39F.FCF0A0BA-ON86256C15.00507ACA@kodak.com> <OF94CAB39F.FCF0A0BA-ON86256C15.00507ACA@kodak.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
I think it's got too many odd things in it to require compression. Basically it's a "if you let yourself get social engineered then your crypto can be used against you" attack. At 10:50 AM 8/14/2002 -0400, Derek Atkins wrote: >john.dlugosz@kodak.com writes: > > > Does anybody know more about this? Can a minor improvement to the new > > -bis draft fix it? > >a) this only works if you do NOT compress your messages before you encrypt. >b) this only works if you do NOT sign the message AND you do NOT use an MDC > > > --John
- Anybody know details about Schneier's "flaw"? john.dlugosz
- Re: Anybody know details about Schneier's "flaw"? Derek Atkins
- Re: Anybody know details about Schneier's "flaw"? Rodney Thayer
- Re: Anybody know details about Schneier's "flaw"? Derek Atkins
- Re: Anybody know details about Schneier's "flaw"? Marc Mutz
- Re: Anybody know details about Schneier's "flaw"? john.dlugosz
- Re: Anybody know details about Schneier's "flaw"? Jon Callas
- Re: Anybody know details about Schneier's "flaw"? Lutz Donnerhacke
- Re: Anybody know details about Schneier's "flaw"? Rodney Thayer
- Re: Anybody know details about Schneier's "flaw"? Adam Back
- Re: Anybody know details about Schneier's "flaw"? Carl Ellison
- Re: Anybody know details about Schneier's "flaw"? Dominikus Scherkl
- Re: Anybody know details about Schneier's "flaw"? Peter Gutmann
- Re: Anybody know details about Schneier's "flaw"? Adrian 'Dagurashibanipal' von Bidder
- Re: Anybody know details about Schneier's "flaw"? Werner Koch
- Re: Anybody know details about Schneier's "flaw"? Adrian 'Dagurashibanipal' von Bidder
- Re: Anybody know details about Schneier's "flaw"? David Hopwood
- Re: Anybody know details about Schneier's "flaw"? Peter Gutmann