Re: [openpgp] Reducing the meta-data leak

Ben McGinnes <ben@adversary.org> Sat, 02 January 2016 04:06 UTC

Return-Path: <ben@adversary.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C466B1B2A5B for <openpgp@ietfa.amsl.com>; Fri, 1 Jan 2016 20:06:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.789
X-Spam-Level:
X-Spam-Status: No, score=0.789 tagged_above=-999 required=5 tests=[BAYES_50=0.8, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Gt4P4MSaLUob for <openpgp@ietfa.amsl.com>; Fri, 1 Jan 2016 20:06:21 -0800 (PST)
Received: from seditious.adversary.org (seditious.adversary.org [59.167.194.34]) by ietfa.amsl.com (Postfix) with ESMTP id AD9071B2A59 for <openpgp@ietf.org>; Fri, 1 Jan 2016 20:06:21 -0800 (PST)
Received: from localhost (seditious.adversary.org [127.0.0.1]) by seditious.adversary.org (Postfix) with ESMTP id 6A0B211C17FC; Sat, 2 Jan 2016 15:06:20 +1100 (EST)
X-Virus-Scanned: amavisd-new at adversary.org
Received: from seditious.adversary.org ([127.0.0.1]) by localhost (seditious.adversary.org [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 0_81kyM-QWLm; Sat, 2 Jan 2016 15:06:15 +1100 (EST)
Received: from nefarious.adversary.org (seditious.adversary.org [127.0.0.1]) by seditious.adversary.org (Postfix) with ESMTP id 77BDE11C15F9; Sat, 2 Jan 2016 15:06:14 +1100 (EST)
To: "Neal H. Walfield" <neal@walfield.org>, Derek Atkins <derek@ihtfp.com>
References: <87io5j764u.wl-neal@walfield.org> <sjm7flz9muf.fsf@securerf.ihtfp.org> <87h9l36tf1.wl-neal@walfield.org>
From: Ben McGinnes <ben@adversary.org>
Openpgp: id=DB4724E6FA4286C92B4E55C4321E4E2373590E5D; url=http://www.adversary.org/ben-key.asc
Message-ID: <56874CB5.7060806@adversary.org>
Date: Sat, 2 Jan 2016 15:06:13 +1100
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:38.0) Gecko/20100101 Thunderbird/38.5.0
MIME-Version: 1.0
In-Reply-To: <87h9l36tf1.wl-neal@walfield.org>
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="fxtDVsUR6oJ2ax4xjmSn4TICqqPK36PmF"
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/YOHaNBP0vf37WSpvWq7wi4RqJzY>
Cc: IETF OpenPGP <openpgp@ietf.org>
Subject: Re: [openpgp] Reducing the meta-data leak
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 02 Jan 2016 04:06:22 -0000

On 4/11/2015 1:37 am, Neal H. Walfield wrote:
> 
> Bryan Ford proposed getting rid of all unencrypted meta-data.  In
> particular, he wanted to get rid of the recipients / number of
> recipients.
> 
> There are some practical difficulties with this approach,
> which I mentioned above.
> 
> My proposal is a blue sky idea to avoid having to try to decrypt a
> message with every secret key while (hopefully) making it more
> difficult to get at the list of recipients.

While I don't doubt the good intentions, I fail to see how this has
any real value.  Specifically because of the significantly larger
amounts of meta-data which already leaks from every SMTP exchange
ever.  That's the real threat and that inevitably leads to this
question:

* In what scenario has someone gone to the effort of disguising all
  their SMTP traffic (remailers, tor, whatever), but not selected an
  alias on the OpenPGP key they're using?


Regards,
Ben