IETF Logo Mail Archive

Re: [openpgp] Disabling compression in OpenPGP

Simon Josefsson <simon@josefsson.org> Tue, 18 March 2014 16:48 UTC

Return-Path: <simon@josefsson.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5E5FA1A0724 for <openpgp@ietfa.amsl.com>; Tue, 18 Mar 2014 09:48:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.551
X-Spam-Level:
X-Spam-Status: No, score=-1.551 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_SE=0.35, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5Cbi1W9tXmbi for <openpgp@ietfa.amsl.com>; Tue, 18 Mar 2014 09:48:39 -0700 (PDT)
Received: from duva.sjd.se (duva.sjd.se [IPv6:2001:9b0:1:1702::100]) by ietfa.amsl.com (Postfix) with ESMTP id 112F91A06FC for <openpgp@ietf.org>; Tue, 18 Mar 2014 09:48:38 -0700 (PDT)
Received: from latte.josefsson.org (static-213-115-179-130.sme.bredbandsbolaget.se [213.115.179.130]) (authenticated bits=0) by duva.sjd.se (8.14.4/8.14.4/Debian-4) with ESMTP id s2IGmOqB018989 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Tue, 18 Mar 2014 17:48:27 +0100
From: Simon Josefsson <simon@josefsson.org>
To: Gregory Maxwell <gmaxwell@gmail.com>
References: <CALR0uiJG6GcngWMUkg6NrP7_4uwf8+QDn6aMF-qonOpRMLdo3w@mail.gmail.com> <CAAS2fgS6_-4S4b-Dg2XeZdQjLUOx6=XQMmz53R53kyK_U+D_Pw@mail.gmail.com>
OpenPGP: id=B565716F; url=http://josefsson.org/key.txt
X-Hashcash: 1:22:140318:openpgp@ietf.org::CTzSLGsHz4L1+D5t:H5+1
X-Hashcash: 1:22:140318:gmaxwell@gmail.com::oR87WCpcUHlWNjxH:Jnyn
X-Hashcash: 1:22:140318:alfredo.pironti@inria.fr::V11ems8i1JtQz3uB:sP44
Date: Tue, 18 Mar 2014 17:48:24 +0100
In-Reply-To: <CAAS2fgS6_-4S4b-Dg2XeZdQjLUOx6=XQMmz53R53kyK_U+D_Pw@mail.gmail.com> (Gregory Maxwell's message of "Tue, 18 Mar 2014 09:07:44 -0700")
Message-ID: <87wqfre9lz.fsf@latte.josefsson.org>
User-Agent: Gnus/5.13001 (Ma Gnus v0.10) Emacs/24.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Virus-Scanned: clamav-milter 0.98.1 at duva.sjd.se
X-Virus-Status: Clean
Archived-At: http://mailarchive.ietf.org/arch/msg/openpgp/mxsOENo_yPOseLbHwBteT_c8QKs
X-Mailman-Approved-At: Tue, 18 Mar 2014 09:52:29 -0700
Cc: openpgp@ietf.org, Alfredo Pironti <alfredo.pironti@inria.fr>
Subject: Re: [openpgp] Disabling compression in OpenPGP
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Mar 2014 16:48:41 -0000

Gregory Maxwell <gmaxwell@gmail.com> writes:

> On Tue, Mar 18, 2014 at 9:00 AM, Alfredo Pironti
> <alfredo.pironti@inria.fr> wrote:
>> I believe similar attacks can be mounted in different contexts where OpenPGP
>> is used. Hence, I propose to start discussion to amend RFC 4880 to at least
>> discourage (if not forbid) the use of compression.
>
> OpenPGP compression (well, the unawareness there-of) compromised the privacy
> of the Wikimedia Foundation board election a couple years ago.  Users publically
> submitted ballots encrypted to the election officials, the ballots
> were constant length
> but the compression trivially revealed information about their content.
>
> If it isn't disabled it may be useful to quantize the size somewhat
> for a minor overhead
> in order to reduce the information leak somewhat.

TLS allow implementations to randomly pad messages to mitigate these
attacks, could something similar be what OpenPGP needs?

/Simon

v2.23.0 | Report a Bug | By Email