Re: [openpgp] Deprecating compression support
Gregory Maxwell <gmaxwell@gmail.com> Thu, 21 March 2019 00:30 UTC
Return-Path: <gmaxwell@gmail.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 76FAB127917 for <openpgp@ietfa.amsl.com>; Wed, 20 Mar 2019 17:30:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LcDoT8JFutSw for <openpgp@ietfa.amsl.com>; Wed, 20 Mar 2019 17:30:22 -0700 (PDT)
Received: from mail-ed1-x536.google.com (mail-ed1-x536.google.com [IPv6:2a00:1450:4864:20::536]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 048F31275F3 for <openpgp@ietf.org>; Wed, 20 Mar 2019 17:30:22 -0700 (PDT)
Received: by mail-ed1-x536.google.com with SMTP id a16so3598869edn.1 for <openpgp@ietf.org>; Wed, 20 Mar 2019 17:30:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=NOujZlN1+glzdeAwJ3Mw8PuKXiHMiuSdnF63Alg0UAg=; b=Bnzbv/coVmAoY8/MDVWB6okSobdQhHbTRt+FtwyBt1xGt1+x8s8f/aturrm1GxXjjy uCBAqbzz8QMixUxZ/zEEI81bf8cLnWecZ3I9fmTB+0H+7Q84UyxFk4qSlJYg0UW+OOTS cPqTJWlQf8rEzzb8QpsvuTkVDdmRbjrcAgZPmHL9JpX3639Eaii9TrrGdNACaCcJoKQM ZEEghrPnmF5KwgMf2NaKdP+5cYl6JcDiruVeqVdc05JbrcHnN8YB/Kl9V0dKNSkvxZ2p YfY77PFFaeajE4XOJE4vffqU6XpH53iZDUK2JVlXcG2kk/eLRNaeMPZWBqlMkbobo6CH T/QQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=NOujZlN1+glzdeAwJ3Mw8PuKXiHMiuSdnF63Alg0UAg=; b=Lxp8t4DgLuxclLZKX7C6iF356CA2f/QqA0WkLeWsYit2f5Qg1oAVOCr4nHFLs/VQFX SyK8yW0QRs8BQxQxCnYtcbH6itNiUwY6/n4qrjzasHNavU8q0JYdXeq2gzjvOqMKOX8A D72gna/rvWMMDCGrZL4WRVs8gdRurWfzqstL+mJHpgqdpY6ZLvPGvIVyPXjJhJFR5nQm SbCyouNYdVSlIzjQuqeXqYRgt/EN680QmiS3fTFhfvaQcQsQ31FagsuBGYx37b3MUfYO uoNHIlvKI+Ut1iSp0x+XBePB7O1W/XsDR6rbeFrFIaoSvE0i1yw3u/ZrEFrLsB1JTHKF FsCA==
X-Gm-Message-State: APjAAAXDDqi8XNCwy9cGTy2TvzROv20HTKMJH+eyrVJFyMdcgLJMHiOV Oyrro2ZYGCnpvifqDF1owRm6okCwBuUnp3ZUg+I=
X-Google-Smtp-Source: APXvYqwigCRdv9gdHAxjmzDhomHKJ7jcSq9KDvdv8BcMOVuAd3iFjgfkK+o4Lwtl7VgV9yF3SMlVNTkLIyIXdZFLv6U=
X-Received: by 2002:a17:906:a841:: with SMTP id dx1mr507869ejb.99.1553128220589; Wed, 20 Mar 2019 17:30:20 -0700 (PDT)
MIME-Version: 1.0
References: <871s3475dy.fsf@europa.jade-hamburg.de> <14617627-542E-4672-B83C-1B5E87561B50@icloud.com>
In-Reply-To: <14617627-542E-4672-B83C-1B5E87561B50@icloud.com>
From: Gregory Maxwell <gmaxwell@gmail.com>
Date: Thu, 21 Mar 2019 00:30:07 +0000
Message-ID: <CAAS2fgQdUdV5hmffPrsv=PR87rx+JuXH5NNkhKgcOcMxEnm8xw@mail.gmail.com>
To: Jon Callas <joncallas=40icloud.com@dmarc.ietf.org>
Cc: "openpgp@ietf.org OpenPGP" <openpgp@ietf.org>, Jon Callas <joncallas@icloud.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/MSgpCuH3mfE5Y9BIYDMDFpDhUFA>
Subject: Re: [openpgp] Deprecating compression support
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Mar 2019 00:30:25 -0000
On Wed, Mar 20, 2019 at 8:57 PM Jon Callas <joncallas=40icloud.com@dmarc.ietf.org> wrote: > There are a number of attacks on interactive encryption protocols that use differences in different compressed plaintext to learn something about the internal structure of the plaintext. This is obviously bad. > However, *static* encryption, like OpenPGP doesn’t have this problem. > Here’s a challenge I give. > Create two plaintexts, P and P’ where P’ = compress(P). Pick any compression function and any plaintext. Now, encrypt them both, so we have E_1 = encrypt(P) and E_2 = encrypt(P’). Show that there is an advantage to an attacker for recovering P’ from E_2 over recovering P from E_1. > I assert that if you can, then your cipher is flawed and you need to replace it. There is nothing magical about compressed plaintext that makes it easier to recover. We've been here before: https://mailarchive.ietf.org/arch/msg/openpgp/rG-X9rp2jlbyACoosnbxRXjCeys I buy the combining encryption with compression being useful argument... but at the same time, openpgp compression is increasingly far from the state-of-the-widespread-art (e.g. xz) and there probably isn't much interest in updating it to chase the state of the art compression (and for short human texts, I think recent machine learning progress look like they're resulting in significantly higher amounts of compression, -- just no one has productionized that work yet).
- [openpgp] Deprecating compression support Justus Winter
- Re: [openpgp] Deprecating compression support Vincent Breitmoser
- Re: [openpgp] Deprecating compression support Neal H. Walfield
- Re: [openpgp] Deprecating compression support Derek Atkins
- Re: [openpgp] Deprecating compression support Vincent Breitmoser
- Re: [openpgp] Deprecating compression support James Howard
- Re: [openpgp] Deprecating compression support Justus Winter
- Re: [openpgp] Deprecating compression support Jon Callas
- Re: [openpgp] Deprecating compression support Andrey Jivsov
- Re: [openpgp] Deprecating compression support Peter Gutmann
- Re: [openpgp] Deprecating compression support Jon Callas
- Re: [openpgp] Deprecating compression support Vincent Breitmoser
- Re: [openpgp] Deprecating compression support Justus Winter
- Re: [openpgp] Deprecating compression support Andre Heinecke
- Re: [openpgp] Deprecating compression support Vincent Breitmoser
- Re: [openpgp] Deprecating compression support Andre Heinecke
- Re: [openpgp] Deprecating compression support Andre Heinecke
- Re: [openpgp] Deprecating compression support Daniel A. Nagy
- Re: [openpgp] Deprecating compression support Bart Butler
- Re: [openpgp] Deprecating compression support Jon Callas
- Re: [openpgp] Deprecating compression support Jon Callas
- Re: [openpgp] Deprecating compression support Marcus Brinkmann
- Re: [openpgp] Deprecating compression support Gregory Maxwell
- Re: [openpgp] Deprecating compression support Werner Koch
- Re: [openpgp] Deprecating compression support Jon Callas
- Re: [openpgp] Deprecating compression support Werner Koch
- Re: [openpgp] Deprecating compression support Ronald Tse
- Re: [openpgp] Deprecating compression support Derek Atkins
- Re: [openpgp] Deprecating compression support Bart Butler
- Re: [openpgp] Deprecating compression support Jon Callas
- Re: [openpgp] Deprecating compression support Jon Callas
- Re: [openpgp] Deprecating compression support ilf
- Re: [openpgp] Deprecating compression support Daniel Kahn Gillmor
- [openpgp] 4880bis status Neal H. Walfield
- Re: [openpgp] Deprecating compression support Neal H. Walfield
- Re: [openpgp] Deprecating compression support Neal H. Walfield
- Re: [openpgp] Deprecating compression support Andre Heinecke
- Re: [openpgp] Deprecating compression support Neal H. Walfield
- Re: [openpgp] Deprecating compression support Benjamin Kaduk
- Re: [openpgp] 4880bis status Bart Butler