Re: [openpgp] Bug#931238: hot armor: please drop "Version: " header

Peter Gutmann <pgut001@cs.auckland.ac.nz> Mon, 08 July 2019 01:42 UTC

From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Marcus Brinkmann <marcus.brinkmann=40rub.de@dmarc.ietf.org>, "openpgp@ietf.org" <openpgp@ietf.org>
Date: Mon, 08 Jul 2019 01:42:05 +0000
Message-ID: <1562550125588.27272@cs.auckland.ac.nz>
References: <87zhm1o0f7.fsf@fifthhorseman.net> <20190706133941.tw3znn74q4iseiyo@scru.org> <54525144-b7bf-fa79-c497-ca8fbf77f89d@gmx.net>, <8d960bb1-0fe8-c2e3-fcf4-4d00ed4adfce@rub.de>
In-Reply-To: <8d960bb1-0fe8-c2e3-fcf4-4d00ed4adfce@rub.de>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/HtHI2e1o7wtOVhAYYQa_3OnnXac>
Subject: Re: [openpgp] Bug#931238: hot armor: please drop "Version: " header
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>

Marcus Brinkmann <marcus.brinkmann=40rub.de@dmarc.ietf.org> writes:

>That seems almost like a bottomless pit.  Some thoughts (not meant to be
>exhaustive):

Thanks, saved me typing all that.  If it's going to be done as an RFC, it
needs to come with a warning that at best any countermeasures are going to
stop simple-minded fingerprinting, but not anything very advanced.

Also if it's going to be done as an RFC then it should state what threat all
this will be defending against.  "An attacker knowing that you're running out-
of-date software" barely qualifies as a threat - they can just try and attack
you anyway - and I can't see what other purpose it serves.

Peter.