Re: [openpgp] Reducing the meta-data leak
"Neal H. Walfield" <neal@walfield.org> Tue, 03 November 2015 14:37 UTC
Return-Path: <neal@walfield.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 41E251A070E for <openpgp@ietfa.amsl.com>; Tue, 3 Nov 2015 06:37:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.551
X-Spam-Level:
X-Spam-Status: No, score=-1.551 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_DE=0.35, SPF_HELO_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4Ez_QDQe1W_w for <openpgp@ietfa.amsl.com>; Tue, 3 Nov 2015 06:37:13 -0800 (PST)
Received: from mail.dasr.de (mail.dasr.de [217.69.77.164]) by ietfa.amsl.com (Postfix) with ESMTP id 2EB481A1A2F for <openpgp@ietf.org>; Tue, 3 Nov 2015 06:37:13 -0800 (PST)
Received: from p5ddfa7da.dip0.t-ipconnect.de ([93.223.167.218] helo=mail.huenfield.org) by mail.dasr.de with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.76) (envelope-from <neal@walfield.org>) id 1Ztchx-0003VJ-93; Tue, 03 Nov 2015 14:37:09 +0000
Received: from grit.huenfield.org ([192.168.20.253]) by mail.huenfield.org with esmtps (TLS1.2:RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <neal@walfield.org>) id 1Ztchv-0000ML-HO; Tue, 03 Nov 2015 15:37:09 +0100
Received: from ip6-localhost.huenfield.org ([::1] helo=grit.huenfield.org.walfield.org) by grit.huenfield.org with esmtp (Exim 4.84) (envelope-from <neal@walfield.org>) id 1Ztchu-0003iY-C0; Tue, 03 Nov 2015 15:37:06 +0100
Date: Tue, 03 Nov 2015 15:37:06 +0100
Message-ID: <87h9l36tf1.wl-neal@walfield.org>
From: "Neal H. Walfield" <neal@walfield.org>
To: Derek Atkins <derek@ihtfp.com>
In-Reply-To: <sjm7flz9muf.fsf@securerf.ihtfp.org>
References: <87io5j764u.wl-neal@walfield.org> <sjm7flz9muf.fsf@securerf.ihtfp.org>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) SEMI-EPG/1.14.7 (Harue) FLIM/1.14.9 (Gojō) APEL/10.8 EasyPG/1.0.0 Emacs/24.4 (x86_64-pc-linux-gnu) MULE/6.0 (HANACHIRUSATO)
MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue")
Content-Type: text/plain; charset="US-ASCII"
X-SA-Exim-Connect-IP: 192.168.20.253
X-SA-Exim-Mail-From: neal@walfield.org
X-SA-Exim-Version: 4.2.1 (built Mon, 26 Dec 2011 17:06:47 +0000)
X-SA-Exim-Scanned: Yes (on mail.huenfield.org)
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/h2bbFVf0VHU1ybZ1bRvPSltuQAM>
Cc: IETF OpenPGP <openpgp@ietf.org>
Subject: Re: [openpgp] Reducing the meta-data leak
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Nov 2015 14:37:19 -0000
At Tue, 03 Nov 2015 09:30:48 -0500, Derek Atkins wrote: > "Neal H. Walfield" <neal@walfield.org> writes: > > At the IETF 94 OpenPGP WG session, Bryan, if I recall correctly, > > suggested that we should try and hide more meta-data. For instance, > > instead of listing the recipients, someone decrypting a message would > > try each of their available secret keys in turn. Werner pointed out > > that these probes are a pain for people who use a passphrase protected > > key and I mentioned that it is a pain for people who use a smartcard, > > in paritcular, those who use more than one smartcard. > > > > What about using a bloom filter for encoding the recipients? This, of > > course, doesn't eliminate the meta-data leak and it can lead to false > > positives (= gratuitious passphrase prompts / smartcard prompts), but > > it should reduce the metadata leak a fair amount, I think. Thoughts? > > There was an extension at one point where you use the string 0x00...00 > for the keyID and that forced you to test all your secret keys. There > are certainly times where that is warranted; there are other times where > it is not. > > I wasn't at the meeting (in person or virtually) so I'm not sure I > completely understand what the use-case is where the above solution > doesn't work? Bryan Ford proposed getting rid of all unencrypted meta-data. In particular, he wanted to get rid of the recipients / number of recipients. There are some practical difficulties with this approach, which I mentioned above. My proposal is a blue sky idea to avoid having to try to decrypt a message with every secret key while (hopefully) making it more difficult to get at the list of recipients. Neal
- [openpgp] Reducing the meta-data leak Neal H. Walfield
- Re: [openpgp] Reducing the meta-data leak Tom Ritter
- Re: [openpgp] Reducing the meta-data leak Derek Atkins
- Re: [openpgp] Reducing the meta-data leak Neal H. Walfield
- Re: [openpgp] Reducing the meta-data leak Derek Atkins
- Re: [openpgp] Reducing the meta-data leak Ben McGinnes
- Re: [openpgp] Reducing the meta-data leak Daniel Kahn Gillmor
- Re: [openpgp] Reducing the meta-data leak Ben McGinnes
- Re: [openpgp] Reducing the meta-data leak Daniel Kahn Gillmor
- Re: [openpgp] Reducing the meta-data leak vedaal
- Re: [openpgp] Reducing the meta-data leak Daniel Kahn Gillmor