Re: [openpgp] Disabling compression in OpenPGP
Alfredo Pironti <alfredo.pironti@inria.fr> Thu, 20 March 2014 13:56 UTC
From: Alfredo Pironti <alfredo.pironti@inria.fr>
To: Jon Callas <jon@callas.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/openpgp/RPu0PYTgDBJJSd1JhyNrv7r62jU
Cc: David Shaw <dshaw@jabberwocky.com>, Peter Todd <pete@petertodd.org>, "openpgp@ietf.org OpenPGP" <openpgp@ietf.org>
Subject: Re: [openpgp] Disabling compression in OpenPGP

> Compression is on by default because it improves security.

I disagree. Compression is not a tool designed to build secure systems. Can you be more precise in what improvement to security compression would bring?

In this discussion, the "input distribution" argument has already been debunked: a good crypto scheme works equally well regardless of the input distribution. Also attacks that seemed to be thwarted by compression turned out to be actually thwarted by the different message format that compression implies. What other security arguments would remain in favor of compression?

Applications that rely on compression for functionality (not security) are another matter. If your application relies on gpg compression so crucially that a system crash would occur otherwise, then you may want to set an explicit -z X flag to gpg anyway.

> It meets that goal. It is, however, a default. Defaults can be changed.
> Moreover, there's a way to work around the issue in the existing standard.
> Make the vote-submission key not support compression. Poof, it works.