Re: Packet length: header vs. context

Levi Broderick <lpb@ece.cmu.edu> Sun, 07 January 2007 23:35 UTC

Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1H3hYP-0000QH-Ow for openpgp-archive@lists.ietf.org; Sun, 07 Jan 2007 18:35:53 -0500
Received: from balder-227.proper.com ([192.245.12.227]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1H3hYN-0003aq-Ab for openpgp-archive@lists.ietf.org; Sun, 07 Jan 2007 18:35:53 -0500
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l07NKd6K081750 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sun, 7 Jan 2007 16:20:39 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id l07NKd9W081749; Sun, 7 Jan 2007 16:20:39 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from smtp.andrew.cmu.edu (smtp.andrew.cmu.edu [128.2.10.81]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l07NKZ2H081741 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO) for <ietf-openpgp@imc.org>; Sun, 7 Jan 2007 16:20:36 -0700 (MST) (envelope-from lpb@ece.cmu.edu)
Received: from [192.168.1.113] (user-24-214-137-62.knology.net [24.214.137.62]) (user=lpb mech=GSSAPI (0 bits)) by smtp.andrew.cmu.edu (8.13.6/8.13.6) with ESMTP id l07NKVKh021231 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NOT); Sun, 7 Jan 2007 18:20:34 -0500
Message-ID: <45A1801E.5070804@ece.cmu.edu>
Date: Sun, 07 Jan 2007 17:19:58 -0600
From: Levi Broderick <lpb@ece.cmu.edu>
Organization: Carnegie Mellon University
User-Agent: Thunderbird 2.0b1 (Windows/20061224)
MIME-Version: 1.0
To: Ian G <iang@systemics.com>
CC: ietf-openpgp@imc.org
Subject: Re: Packet length: header vs. context
References: <459ECBC5.3010101@ece.cmu.edu> <459FADA8.20204@systemics.com>
In-Reply-To: <459FADA8.20204@systemics.com>
X-Enigmail-Version: 0.94.1.2.0
OpenPGP: id=3FE7C25A; url=http://www.contrib.andrew.cmu.edu/~lpb/pubkey.asc
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Scanned-By: MIMEDefang 2.57 on 128.2.10.81
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 856eb5f76e7a34990d1d457d8e8e5b7f

Ian G wrote:

> Finally, the ID has passed the point of minor tweaks.  We've been at
> this for a decade now.  No more changes please, seal the document and
> let's move on.  I vote NO to any changes, even without knowing what they
> are ;)

Of course!

The reason for my original question was that I was unsure if such a
packet could be used to undermine the security of any protocols in the
system.  Now that I think about it, though, I don't see how it could be
done.  It's unlike other attacks that use the software as an oracle
since public key information is - well - public. :)

~ Levi