Re: [openpgp] Reducing the meta-data leak

Ben McGinnes <ben@adversary.org> Tue, 05 January 2016 01:24 UTC

Return-Path: <ben@adversary.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 247C41ACE23 for <openpgp@ietfa.amsl.com>; Mon, 4 Jan 2016 17:24:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.911
X-Spam-Level:
X-Spam-Status: No, score=-1.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3PtHe6LtD9la for <openpgp@ietfa.amsl.com>; Mon, 4 Jan 2016 17:24:13 -0800 (PST)
Received: from seditious.adversary.org (seditious.adversary.org [59.167.194.34]) by ietfa.amsl.com (Postfix) with ESMTP id 5219A1ACE22 for <openpgp@ietf.org>; Mon, 4 Jan 2016 17:24:13 -0800 (PST)
Received: from localhost (seditious.adversary.org [127.0.0.1]) by seditious.adversary.org (Postfix) with ESMTP id ED53811C178C; Tue, 5 Jan 2016 12:24:11 +1100 (EST)
X-Virus-Scanned: amavisd-new at adversary.org
Received: from seditious.adversary.org ([127.0.0.1]) by localhost (seditious.adversary.org [127.0.0.1]) (amavisd-new, port 10024) with LMTP id wx_aQWkoRx92; Tue, 5 Jan 2016 12:24:05 +1100 (EST)
Received: from nefarious.adversary.org (seditious.adversary.org [127.0.0.1]) by seditious.adversary.org (Postfix) with ESMTP id AC31A11C015D; Tue, 5 Jan 2016 12:24:04 +1100 (EST)
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, "Neal H. Walfield" <neal@walfield.org>, Derek Atkins <derek@ihtfp.com>
References: <87io5j764u.wl-neal@walfield.org> <sjm7flz9muf.fsf@securerf.ihtfp.org> <87h9l36tf1.wl-neal@walfield.org> <56874CB5.7060806@adversary.org> <87d1tgzwi0.fsf@alice.fifthhorseman.net>
From: Ben McGinnes <ben@adversary.org>
Openpgp: id=DB4724E6FA4286C92B4E55C4321E4E2373590E5D; url=http://www.adversary.org/ben-key.asc
Message-ID: <568B1B25.7020202@adversary.org>
Date: Tue, 5 Jan 2016 12:23:49 +1100
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:38.0) Gecko/20100101 Thunderbird/38.5.0
MIME-Version: 1.0
In-Reply-To: <87d1tgzwi0.fsf@alice.fifthhorseman.net>
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="sDbRT7VtE1AUB4h7PeBaLBtLFC8elUEQV"
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/ZlAbPzU-KlxgIXcMV40nnNJyn_8>
Cc: IETF OpenPGP <openpgp@ietf.org>
Subject: Re: [openpgp] Reducing the meta-data leak
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Jan 2016 01:24:15 -0000

On 5/01/2016 11:43 am, Daniel Kahn Gillmor wrote:
> 
> fwiw, there is effort going into protecting some of the SMTP/RFC822
> metadata (see the discussions in shutup@ietf.org), which would make
> this kind of work within OpenPGP more valuable than it currently is
> in the full-metadata-wrapped OpenPGP e-mail use case.

With a list name like that I'm just going to have to check it out.

> Removing the metadata of who a message is for seems likely to require
> either:
> 
>  a) trial decryption on the recipient side (problematic for smartcard
>     and multiple-secret-key setups, as Neal and Werner pointed out), or
> 
>  b) some sort of racheted shared state between sender and recipient
>     (e.g. a briar- or axolotl-style esk, which might provide other nice
>     features, like "deletable" ("forward-secret") messages)
> 
> While (b) is out of scope for us here until we get 4880bis sorted, if
> someone wanted to experiment with that and report back, i'm sure it
> would be interesting to several people on the list.
> 
> Or maybe there's a (c) option?

There is, but I can't recall if I've mentioned it on this list or not,
but I know it's been mentioned on gnupg-users because that's how I
found out about it:

http://www.confidantmail.org/

An attempt at side-stepping SMTP entirely and replacing the transport
method with one of the methods used by BitTorrent.  It relies on GPG
for the message encryption and everything is contained within the
encrypted zip.  The only addressing metadata is the key UID which is
of the format of:

any-damn-thing-you-like@somehost-including-tor-hidden-sites-and-i2p-it-doesn't-care

It even includes a clever means of achieving forward secrecy, but
arguably it could benefit from hiding the OpenPGP metadata a little
better.


Regards,
Ben