Re: [openpgp] saltpack on OpenPGP message format problems
"Neal H. Walfield" <neal@walfield.org> Wed, 10 February 2016 10:46 UTC
Return-Path: <neal@walfield.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 676241A1A9D for <openpgp@ietfa.amsl.com>; Wed, 10 Feb 2016 02:46:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.348
X-Spam-Level:
X-Spam-Status: No, score=0.348 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, HELO_EQ_DE=0.35, SPF_HELO_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id V_ebKpyLLS7M for <openpgp@ietfa.amsl.com>; Wed, 10 Feb 2016 02:46:35 -0800 (PST)
Received: from mail.dasr.de (mail.dasr.de [217.69.77.164]) by ietfa.amsl.com (Postfix) with ESMTP id 96AF11A1A9E for <openpgp@ietf.org>; Wed, 10 Feb 2016 02:46:35 -0800 (PST)
Received: from p5ddfa629.dip0.t-ipconnect.de ([93.223.166.41] helo=mail.huenfield.org) by mail.dasr.de with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.76) (envelope-from <neal@walfield.org>) id 1aTSI2-0001nT-Kr; Wed, 10 Feb 2016 10:46:30 +0000
Received: from grit.huenfield.org ([192.168.20.253]) by mail.huenfield.org with esmtps (TLS1.2:RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <neal@walfield.org>) id 1aTSI0-00065R-2E; Wed, 10 Feb 2016 11:46:30 +0100
Received: from ip6-localhost.huenfield.org ([::1] helo=grit.huenfield.org.walfield.org) by grit.huenfield.org with esmtp (Exim 4.84) (envelope-from <neal@walfield.org>) id 1aTSHy-0001qm-Uh; Wed, 10 Feb 2016 11:46:26 +0100
Date: Wed, 10 Feb 2016 11:46:26 +0100
Message-ID: <87io1wc071.wl-neal@walfield.org>
From: "Neal H. Walfield" <neal@walfield.org>
To: ianG <iang@iang.org>
In-Reply-To: <56BB0308.8020504@iang.org>
References: <56BB0308.8020504@iang.org>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) SEMI-EPG/1.14.7 (Harue) FLIM/1.14.9 (Gojō) APEL/10.8 EasyPG/1.0.0 Emacs/24.5 (x86_64-pc-linux-gnu) MULE/6.0 (HANACHIRUSATO)
MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue")
Content-Type: text/plain; charset="US-ASCII"
X-SA-Exim-Connect-IP: 192.168.20.253
X-SA-Exim-Mail-From: neal@walfield.org
X-SA-Exim-Version: 4.2.1 (built Mon, 26 Dec 2011 17:06:47 +0000)
X-SA-Exim-Scanned: Yes (on mail.huenfield.org)
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/Smf79gKbEcxqCTTXbNbIqDBKe4U>
Cc: openpgp@ietf.org
Subject: Re: [openpgp] saltpack on OpenPGP message format problems
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Feb 2016 10:46:37 -0000
On Wed, 10 Feb 2016 10:29:44 +0100, ianG wrote: > > (we should probably fix these one day) > > https://saltpack.org/pgp-message-format-problems > > We know from re-implementing PGP's message format (RFC 4880) ourselves > (here), it has a lot of issues. Some make life difficult for > implementers, but others are problems for end users too: > > 1. PGP encryption doesn't authenticate the sender. > > There's no way to verify who a PGP message is from unless it's signed. > That means that as a sender, you can't authenticate yourself without > giving up repudiability. Partly because of this, authentication is off > by default. > > In contrast, NaCl encryption authenticates the sender in a repudiable > way. That makes it easy for us to enable authentication by default. It > also means that we don't need special support for a "signed and > encrypted" mode, because very few applications actually want that. For normal users, this is probably a bug. But, for advanced users, I'd consider this a feature. Correspondingly, I think it makes sense for signing+encryption to be the default for an OpenPGP implementation and for mail clients to not offer an option to only encrypt. But, whatever the case, I don't think this should be removed. > 2. GnuPG will output data that doesn't verify. > > If you run gpg --decrypt on a corrupt message, it will print the > plaintext to stdout, and you'll only find out if the message is bad at > the end, after you've streamed out unsigned data. Try it on this > message signed by Jack's key: > > -----BEGIN PGP MESSAGE----- > Version: GnuPG v2 > > kA0DAAIBcYdraK1ILTIBy5liAFaqa7BKb2huIEphY29iIEppbmdsZWhlaW1lciBT > Y2htaWR0LApIaXMgbmFtZSBpcyBteSBuYW1lIHRvby4KV2hlbmV2ZXIgd2UgZ28g > b3V0LApUaGUgcGVvcGxlIGFsd2F5cyBzaG91dCwKVGhlcmUgZ29lcyBBIE1BTiBJ > TiBUSEUgTUlERExFIE9IIFNISUlJMTF0IQqJARwEAAECAAYFAlaqa7AACgkQcYdr > aK1ILTK6Ewf9GIIzBmtGuNeJXUGAoDbG5mmVDyMwpu3i72OwOfoSo+4GI6mT/FuV > PKh7HCKwglmTuO2oazg0sUnoktjmHxdNQuJZ+6ii/5xXb80XEHFECFDClrjwbkeE > +3irJDrpnmuQzRyJVOYh+fr7dxrlN7pgMdjlkbAgWnATZ+k1zf8z40p8SANNpXHt > 9yie6nuzKUd1LUujPa4sz6BfNW0Clcp3c0XFeU2je//4TcZ+4/Ql2B1/MdzqF4+G > TPh+B1L8k9F9TNgyh9lXyez90oRLEvw3+3o9+CvMvQb6Gb8aR+eW/rE+wabdiwSY > qfLaI0VHvwNCa1NV/5MmX6UKUzNV2c4vcAo= > =uIW7 > -----END PGP MESSAGE----- Guilhem Moulin raised this point in December and suggested using chuncked streams, which would preserve OpenPGP's streaming property: http://mailarchive.ietf.org/arch/msg/openpgp/YZP6dZMPzqlF4-9ISturX_Q_vQQ I think it is worth fixing. If not with Guilhem's solution, then with something else. > 3. Anonymous recipients aren't fully anonymous. > > Even with the --hidden-recipient flag, RSA encryption leaks some > information about the recipient's key. Is the argument here that NaCL solves this problem? > 4. PGP ASCII armor isn't friendly to modern apps and phones. > > * > One of many manglings > > Almost all apps, email clients, chat clients, and web pages do > post-processing on the text people post. PGP's whitespace pattern, use > of hyphens and slashes, and header lines are not friendly. You > shouldn't have to edit a message by hand before passing it off to your > crypto program. This is a serious problem and I think the suggestion to use base-62 encoding is a good one. Do others agree that this is worth solving? Thanks, :) Neal
- [openpgp] saltpack on OpenPGP message format prob… ianG
- Re: [openpgp] saltpack on OpenPGP message format … Neal H. Walfield
- Re: [openpgp] saltpack on OpenPGP message format … Stephen Paul Weber
- Re: [openpgp] saltpack on OpenPGP message format … Neal H. Walfield
- Re: [openpgp] saltpack on OpenPGP message format … Stephen Paul Weber
- Re: [openpgp] saltpack on OpenPGP message format … Neal H. Walfield
- Re: [openpgp] saltpack on OpenPGP message format … Vincent Breitmoser
- Re: [openpgp] saltpack on OpenPGP message format … Neal H. Walfield
- Re: [openpgp] saltpack on OpenPGP message format … Vincent Breitmoser
- Re: [openpgp] saltpack on OpenPGP message format … Peter Gutmann
- Re: [openpgp] saltpack on OpenPGP message format … Werner Koch
- Re: [openpgp] saltpack on OpenPGP message format … Ben Laurie
- Re: [openpgp] saltpack on OpenPGP message format … Peter Gutmann
- Re: [openpgp] saltpack on OpenPGP message format … Werner Koch
- Re: [openpgp] saltpack on OpenPGP message format … Derek Atkins
- Re: [openpgp] saltpack on OpenPGP message format … ianG
- Re: [openpgp] saltpack on OpenPGP message format … Phillip Hallam-Baker
- Re: [openpgp] saltpack on OpenPGP message format … Rick van Rein