Re: [openpgp] Reducing the meta-data leak
Tom Ritter <tom@ritter.vg> Tue, 03 November 2015 12:19 UTC
To: "Neal H. Walfield" <neal@walfield.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/L7oPl2iEL7AW0G3Vf54UEEVM5iE>
Cc: IETF OpenPGP <openpgp@ietf.org>
On Tuesday, 3 November 2015, Neal H. Walfield <neal@walfield.org> wrote:

> Hi,
>
> At the IETF 94 OpenPGP WG session, Bryan, if I recall correctly,
> suggested that we should try and hide more meta-data. For instance,
> instead of listing the recipients, someone decrypting a message would
> try each of their available secret keys in turn. Werner pointed out
> that these probes are a pain for people who use a passphrase protected
> key and I mentioned that it is a pain for people who use a smartcard,
> in particular, those who use more than one smartcard.
>
> What about using a bloom filter for encoding the recipients? This, of
> course, doesn't eliminate the meta-data leak and it can lead to false
> positives (= gratuitous passphrase prompts / smartcard prompts), but
> it should reduce the metadata leak a fair amount, I think. Thoughts?

I'm skeptical that we could come up with a set of parameters such that this provides any real protection. On the loosest end, you would need to make it ambiguous enough such that if you tried 'all' the OpenPGP keys you would get too many false positives for it to be useful. On the tightest end, you would need to make it ambiguous enough that even if you *had* the list of the most common conversation partners of a user it would _still_ have too many false positives to be useful.

And even then, the bloom filter is chosen once and set in stone in the spec for all users and use cases? It would clearly not fit some of the situations we expect OpenPGP to be used in.

And I tend to lean towards more complex protocol options, but even I think user-configurable bloom filters in every OpenPGP message is going too far...

-tom
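The parameter trade-off debated in this exchange can be put in numbers. The following is an added example, not code from the thread or from any OpenPGP draft: the SHA-256 double-hashing scheme, the constructed key IDs, the three parameter sets and the `ALL_KEYS` population size are all assumptions chosen for illustration.

```python
import hashlib

def positions(key_id: bytes, m: int, k: int) -> list[int]:
    # Assumed mapping (not from any OpenPGP draft): double hashing over SHA-256.
    d = hashlib.sha256(key_id).digest()
    h1, h2 = int.from_bytes(d[:8], "big"), int.from_bytes(d[8:16], "big") | 1
    return [(h1 + i * h2) % m for i in range(k)]

def build_filter(recipients, m, k) -> int:
    """Return the m-bit filter (as an int) with every recipient key inserted."""
    bits = 0
    for key_id in recipients:
        for p in positions(key_id, m, k):
            bits |= 1 << p
    return bits

def matching(bits, key_ids, m, k):
    """Keys the filter cannot rule out: the observer's candidate set, and also
    the keys whose holders would get a passphrase or smartcard prompt."""
    return [kid for kid in key_ids
            if all((bits >> p) & 1 for p in positions(kid, m, k))]

def false_positive_rate(m, k, n):
    """Standard estimate for n inserted keys, assuming uniform independent hashes."""
    return (1 - (1 - 1 / m) ** (k * n)) ** k

def expected_false_matches(m, k, n, candidates):
    """Expected non-recipient keys, out of `candidates` total, that still match."""
    return false_positive_rate(m, k, n) * (candidates - n)

# Constructed 8-byte key IDs: 50 known correspondents, 3 of them the recipients.
CONTACTS = [i.to_bytes(8, "big") for i in range(1000, 1050)]
RECIPIENTS = CONTACTS[:3]
ALL_KEYS = 4_000_000  # assumed size of "all" published keys, for illustration

def report():
    rows = []
    for m, k in [(1024, 4), (64, 2), (16, 1)]:
        bits = build_filter(RECIPIENTS, m, k)
        rows.append((m, k, false_positive_rate(m, k, 3),
                     expected_false_matches(m, k, 3, ALL_KEYS),
                     len(matching(bits, CONTACTS, m, k))))
    return rows

if __name__ == "__main__":
    for m, k, p, world, contacts in report():
        print(f"m={m:5d} k={k}  p={p:.2e}  expected false matches among "
              f"{ALL_KEYS:,} keys: {world:,.1f}  contact-list candidates: {contacts}/50")
```

With m=16, k=1 the estimate is about 18% per non-recipient key: roughly 8 expected false matches among the other 47 contacts, and the same 18% chance of a gratuitous prompt for every key a non-recipient holds.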