Re: [openpgp] Padding packets

Stephen Farrell <stephen.farrell@cs.tcd.ie> Fri, 15 July 2022 10:46 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/XD7xK484iT2DmDkAijPnawaaH8E>

Hi Folks,

I created a gitlab issue for this one. [1] Let's see if
we've actually got rough consensus on it though...

If I were to suggest that we've converged onto merge
request 204 ([2], use zeros for padding, recommend not
compressing them) would I be wrong? Please correct me
if so before Tuesday 19th if you can.

If nobody has a problem with that we can ask the
editors to try merge [2].

Thanks,
Stephen.

[1] https://gitlab.com/openpgp-wg/rfc4880bis/-/issues/132
[2] https://gitlab.com/openpgp-wg/rfc4880bis/-/merge_requests/204



On 15/06/2022 12:29, Werner Koch wrote:
> Hi!
> 
> The idea of a padding packet is in general a good idea and has been
> discussed many times:
> 
>     5.14.  Padding Packet (Tag 21)
> 
>     The Padding packet contains random data, and can be used to defend
>     against traffic analysis (see Section 14.10) on version 2 SEIPD
>     [...]
>     Its contents SHOULD be random octets to make the length obfuscation
>     it provides more robust even when compressed.
> 
> The problem with random padding packets is that this opens a high
> capacity channel with all its problems.  Having this in the protocol is
> a problem because applications taking care not to leak too much
> information will need to reject such messages and inform the user about
> a possible problem.
> 
> Please drop this.  A better mechanism to add padding is by handling this
> at the MIME layer.  In any case, a well defined pseudo-random generator
> is required.
> 
> At this opportunity I checked the Literal Data packet and unfortunately
> noticed that not only the 'u' has gone but also the 'm' which we
> introduced to declare MIME content to avoid relying on heuristics.  That
> these flags are not included in the signed material is not a problem,
> because they are only hints to the implementation.
> 
> 
> Salam-Shalom,
> 
>     Werner
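An added example, not part of either message or of the draft: a receiver-side audit for the zero-padding proposal summarised above, which walks new-format OpenPGP packets and counts nonzero octets inside each padding packet (Tag 21), since nonzero padding is where the channel raised in the quoted mail would sit. The function names, the policy of flagging nonzero padding, and the sample bytes are assumptions constructed for illustration.

```python
import struct

PADDING_TAG = 21  # "Padding Packet (Tag 21)" as quoted in the thread

def encode_length(n: int) -> bytes:
    """New-format OpenPGP body length: 1, 2 or 5 octets."""
    if n < 192:
        return bytes([n])
    if n < 8384:
        return bytes([((n - 192) >> 8) + 192, (n - 192) & 0xFF])
    return b"\xff" + struct.pack(">I", n)

def make_padding_packet(n: int) -> bytes:
    """Padding packet whose body is n zero octets."""
    return bytes([0xC0 | PADDING_TAG]) + encode_length(n) + bytes(n)

def iter_packets(data: bytes):
    """Yield (tag, body) for new-format, definite-length packets."""
    i = 0
    while i < len(data):
        try:
            if (data[i] & 0xC0) != 0xC0:
                raise ValueError("not a new-format packet header")
            tag, b1 = data[i] & 0x3F, data[i + 1]
            if b1 < 192:
                length, i = b1, i + 2
            elif b1 < 224:
                length, i = ((b1 - 192) << 8) + data[i + 2] + 192, i + 3
            elif b1 == 255:
                length, i = struct.unpack(">I", data[i + 2:i + 6])[0], i + 6
            else:
                raise ValueError("partial body length not handled here")
        except (IndexError, struct.error):
            raise ValueError("truncated packet header") from None
        if i + length > len(data):
            raise ValueError("truncated packet body")
        yield tag, data[i:i + length]
        i += length

def audit_padding(data: bytes):
    """Return (body_length, nonzero_octets) for every padding packet."""
    return [(len(body), sum(1 for octet in body if octet))
            for tag, body in iter_packets(data) if tag == PADDING_TAG]

# Constructed sample input: a literal data packet (tag 11) followed by padding.
LITERAL = bytes([0xC0 | 11, 11]) + b"b\x00" + bytes(4) + b"hello"
CLEAN = LITERAL + make_padding_packet(300)
SUSPECT = LITERAL + bytes([0xC0 | PADDING_TAG, 4]) + b"\x00AB\x00"

if __name__ == "__main__":
    print(audit_padding(CLEAN))    # zero padding: nothing to flag
    print(audit_padding(SUSPECT))  # nonzero octets: flag for review
```

With all-zero padding the check is deterministic, which is what lets an application that cares about leakage accept padded messages instead of rejecting them outright.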