Re: [openpgp] Disabling compression in OpenPGP

Alfredo Pironti <alfredo.pironti@inria.fr> Thu, 20 March 2014 13:56 UTC

Return-Path: <alfredo@pironti.eu>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 57B821A074E for <openpgp@ietfa.amsl.com>; Thu, 20 Mar 2014 06:56:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.278
X-Spam-Level:
X-Spam-Status: No, score=-1.278 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UdtXebkjN8iI for <openpgp@ietfa.amsl.com>; Thu, 20 Mar 2014 06:56:18 -0700 (PDT)
Received: from mail-oa0-x236.google.com (mail-oa0-x236.google.com [IPv6:2607:f8b0:4003:c02::236]) by ietfa.amsl.com (Postfix) with ESMTP id E37A71A06D2 for <openpgp@ietf.org>; Thu, 20 Mar 2014 06:56:17 -0700 (PDT)
Received: by mail-oa0-f54.google.com with SMTP id n16so932829oag.27 for <openpgp@ietf.org>; Thu, 20 Mar 2014 06:56:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pironti.eu; s=google; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=DnKTLDCaU0U1lP5JWMbFSC8rmYBF6lViHbwZGGvcGPU=; b=RLPLaTQ3xtDzCC2PGvu/apbXq63mepLUwTngmos1bDpMf/0KGMoAnpNl099U85IEOr Mbw62xwafBrcDOyjEa2puhTJaxhR0BGyI/mtAXMCzNcBq4OjXVt+M3YT+bnONzCzxITQ vwF3YO/mOh9FPPT69v1cMoPcBgKY5hC2vkKq8=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=DnKTLDCaU0U1lP5JWMbFSC8rmYBF6lViHbwZGGvcGPU=; b=YZxBE1AZ2n8n5Bz3sN3jaAZraytGfxYY2gSeE+lbVbd6GMPEdWbnGLwoL1MDvFpa6m F6SCzmwAlTxwjoWsgqWxeDFzELtLobAurqvcUvKPs2UoT8GCmdD4zpawuaN1YmE3a2Gb rdtTDF9V0n00URPBk0alxTkoGSb6ddFXyXwviNp5G8e1iPHYv/MccwQsSbmM1hZxHIBs jeKEDJxS5Y3iTWU3uVmv++63qyPY9rPvkKvzQYFVQk+zQSqyJqHzFP5TbHJEJpykF8CS qqn92ZNTurlFGjnyvVnK0cfzkfNLMHvHZVVx/oelfoGMxD0ehavP+Fq7i6QHsHrSeXGz naLg==
X-Gm-Message-State: ALoCoQnjr5lQ5Z+fw4XTG9i9igwYxtEazcQSGIbkykaKJLEqiG2DIdVvevZwJjmp/hYuTZTE5M2w
MIME-Version: 1.0
X-Received: by 10.60.246.165 with SMTP id xx5mr704935oec.84.1395323768395; Thu, 20 Mar 2014 06:56:08 -0700 (PDT)
Sender: alfredo@pironti.eu
Received: by 10.76.151.35 with HTTP; Thu, 20 Mar 2014 06:56:08 -0700 (PDT)
X-Originating-IP: [128.93.188.195]
In-Reply-To: <A0C19881-6D00-40AF-80D6-372FF3A94E96@callas.org>
References: <CALR0uiJG6GcngWMUkg6NrP7_4uwf8+QDn6aMF-qonOpRMLdo3w@mail.gmail.com> <95BD0817-D762-41DD-8444-A0C4F7AF1003@jabberwocky.com> <CALR0uiL0-Xp8E=F3idtzBkmRNLk7K_M_cqMt+i2HdNqaNkwn=w@mail.gmail.com> <849778F8-1C16-4FF8-A039-6363C158BD1F@callas.org> <20140319204047.GC30999@savin> <DE00E9BD-1D37-4750-B156-BBDC4B59DB7F@callas.org> <20140319205517.GA6566@savin> <A0C19881-6D00-40AF-80D6-372FF3A94E96@callas.org>
Date: Thu, 20 Mar 2014 14:56:08 +0100
X-Google-Sender-Auth: 0bZfsehPFQm8eRNWbdLDcsEjKc0
Message-ID: <CALR0uiLLEnkKJtp6QJ0NJC5g78eA6WwUqa3hpYD6aD0_Q0G7PA@mail.gmail.com>
From: Alfredo Pironti <alfredo.pironti@inria.fr>
To: Jon Callas <jon@callas.org>
Content-Type: multipart/alternative; boundary=001a1136989890fcc304f50a21f1
Archived-At: http://mailarchive.ietf.org/arch/msg/openpgp/RPu0PYTgDBJJSd1JhyNrv7r62jU
Cc: David Shaw <dshaw@jabberwocky.com>, Peter Todd <pete@petertodd.org>, "openpgp@ietf.org OpenPGP" <openpgp@ietf.org>
Subject: Re: [openpgp] Disabling compression in OpenPGP
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Mar 2014 13:56:19 -0000

> Compression is on by default because it improves security.


I disagree. Compression is not a tool designed to build secure systems. Can
you be more precise in what improvement to security compression would bring?

In this discussion, the "input distribution" argument has already been
debunked: a good crypto scheme works equally well regardless of the input
distribution.

Also attacks that seemed to be thwarted by compression turned out to be
actually thwarted by the different message format that compression implies.

What other security arguments would remain in favor of compression?

Applications that rely on compression for functionality (not security) are
another matter. If your application relies on gpg compression so crucially
that a system crash would occur otherwise, then you may want to set an
explicit -z X flag to gpg anyway.


> It meets that goal. It is, however, a default. Defaults can be changed.
> Moreover, there's a way to work around the issue in the existing standard.
> Make the vote-submission key not support compression. Poof, it works.
>