Re: Packet length: header vs. context
Jon Callas <jon@callas.org> Mon, 08 January 2007 00:47 UTC
From: Jon Callas <jon@callas.org>
Subject: Re: Packet length: header vs. context
Date: Sun, 07 Jan 2007 16:07:39 -0800
To: OpenPGP <ietf-openpgp@imc.org>

On Jan 7, 2007, at 3:19 PM, Levi Broderick wrote:

> The reason for my original question was that I was unsure if such a
> packet could be used to undermine the security of any protocols in the
> system. Now that I think about it, though, I don't see how it could be
> done. It's unlike other attacks that use the software as an oracle
> since public key information is - well - public. :)

In the pre-OpenPGP protocols, there were "comment" packets. We removed them because people worried about them being a "covert" channel. I put "covert" in quotes because the specific case Jeff Schiller (then Security AD) gave was of an implementation that lowered the security to 40 bits by putting N-40 in a comment. This is also why the marker packet is defined the way it is.

I remember talking to Jeff and saying that someone could stick anything in packet slack space. He said, "That's different. We shouldn't give a *defined* place for a covert channel." He was right.

A sufficiently devious person can put covert channels nearly anywhere. (This is why steganography isn't an interesting discipline. It's very easy to think of mats to leave keys under.)

You could, for example, leak key bits or even code a secondary message in OpenPGP with partials. Imagine that each partial is a bit, denoted by log2(size) & 1. Whee.

Jon
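
A defender-side check for the partial-length channel described in the message above, as an added example that is not part of the original message: it walks the partial body length octets of one new-format OpenPGP packet and flags a stream whose chunk-size exponent changes. The function names, the sample packets and the "encoders keep one chunk size" heuristic are assumptions made for this example.

```python
def partial_exponents(packet: bytes):
    """Walk one new-format OpenPGP packet.

    Returns (exponents of the partial chunks, length of the final chunk)."""
    if len(packet) < 2 or packet[0] & 0xC0 != 0xC0:
        raise ValueError("not a new-format packet header")
    pos, exps = 1, []
    while pos < len(packet):
        o = packet[pos]
        if 224 <= o < 255:                 # partial body length: 1 << (o & 0x1F)
            exps.append(o & 0x1F)
            pos += 1 + (1 << exps[-1])     # skip length octet and chunk body
            continue
        hdr = 1 if o < 192 else 2 if o < 224 else 5
        if pos + hdr > len(packet):
            raise ValueError("truncated length header")
        if hdr == 1:
            length = o
        elif hdr == 2:
            length = ((o - 192) << 8) + packet[pos + 1] + 192
        else:
            length = int.from_bytes(packet[pos + 1:pos + 5], "big")
        if pos + hdr + length > len(packet):
            raise ValueError("truncated final chunk")
        return exps, length
    raise ValueError("stream ends before the final (non-partial) length")


def assess(packet: bytes) -> dict:
    exps, final_len = partial_exponents(packet)
    changes = sum(a != b for a, b in zip(exps, exps[1:]))
    return {
        "exponents": exps,
        "final_len": final_len,
        "first_chunk_ok": not exps or exps[0] >= 9,  # RFC 4880: first partial >= 512 octets
        "suspicious": changes > 0,  # heuristic (assumption): encoders keep one chunk size
    }


def build(exps, tail=b"end"):
    """Constructed sample: literal-data packet (tag 11) with zero-filled chunks."""
    out = bytearray([0xC0 | 11])
    for e in exps:
        out += bytes([0xE0 | e]) + bytes(1 << e)
    return bytes(out + bytes([len(tail)]) + tail)


UNIFORM = build([9, 9, 9, 9])        # constructed: constant 512-octet chunks
VARYING = build([9, 10, 9, 9, 10])   # constructed: chunk size alternates
```

A varying exponent is only a signal worth a closer look: nothing in the format forbids an encoder from changing chunk sizes.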