IETF Logo Mail Archive

[openpgp] Padding packets

Werner Koch <wk@gnupg.org> Wed, 15 June 2022 11:30 UTC

Return-Path: <wk@gnupg.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 00C08C14F743 for <openpgp@ietfa.amsl.com>; Wed, 15 Jun 2022 04:30:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.109
X-Spam-Level:
X-Spam-Status: No, score=-2.109 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=gnupg.org
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7sAHCWQ8i6fa for <openpgp@ietfa.amsl.com>; Wed, 15 Jun 2022 04:30:09 -0700 (PDT)
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [IPv6:2001:aa8:fff1:100::22]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 66E0BC14F718 for <openpgp@ietf.org>; Wed, 15 Jun 2022 04:30:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnupg.org; s=20181017; h=Content-Type:MIME-Version:Message-ID:Date:Subject:To:From: Sender:Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=h1ImRASLg0nhPbUk0EoGbAboFmR/ZumJbP5HYhtGyS8=; b=cX67QG/gSeQbCOHa+WTvU6jEYA f/PUcA5Sk4I1MSfwA7cAxLLX5p6sZjGpSUNBeVKV9B91e5Lg/VX/wTwogTg5brMPlCeElBNprsc4m ULAugIt6DSxvwiRmBK2HY5Li2OJNRM+Y80QmajQfejGv9p7O5N1JcvRb4TNfie8xDKk8=;
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.89 #1 (Debian)) id 1o1RDr-0000WB-0e for <openpgp@ietf.org>; Wed, 15 Jun 2022 13:30:07 +0200
Received: from wk by wheatstone.g10code.de with local (Exim 4.92 #5 (Debian)) id 1o1RDN-00059y-Bh for <openpgp@ietf.org>; Wed, 15 Jun 2022 13:29:37 +0200
From: Werner Koch <wk@gnupg.org>
To: openpgp@ietf.org
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
Jabber-ID: wk@jabber.gnupg.org
Mail-Followup-To: openpgp@ietf.org
Date: Wed, 15 Jun 2022 13:29:37 +0200
Message-ID: <87wndi88ri.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=SLI_LF_ASLET_Lebed_Craig_Livingstone_FLiR_Afghanistan_DCJFTF_Planet-"; micalg="pgp-sha256"; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/npCHOnOWEWVfvztmrkqs0w00NLk>
Subject: [openpgp] Padding packets
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Jun 2022 11:30:14 -0000

Hi!

The idea of a padding packet is in general a good idea and has been
discussed many times:

   5.14.  Padding Packet (Tag 21)

   The Padding packet contains random data, and can be used to defend
   against traffic analysis (see Section 14.10) on version 2 SEIPD
   [...]
   Its contents SHOULD be random octets to make the length obfuscation
   it provides more robust even when compressed.

The problem with random padding packets is that this opens a high
capacity channel with all its problems.  Having this in the protocol is
a problem because applications taking care not to leak too much
information will need to reject such messages and inform the user about
a possible problem.

Please drop this.  A better mechanism to add padding is by handling this
at the MIME layer.  In any case, a well defined pseudo-random generator
is required.

At this opportunity I checked the Literal Data packet and unfortunately
noticed that not only the 'u' has gone but also the 'm' which we
introduced to declare MIME content to avoid relying on heuristics.  That
these flags are not included in the signed material is not a problem,
because they are only hints to the implementation.


Salam-Shalom,

   Werner


-- 
The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein

v2.23.0 | Report a Bug | By Email