Re: Packet length: header vs. context

Ian G <iang@systemics.com> Mon, 08 January 2007 15:52 UTC

Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1H3wnd-0003Ic-Jh for openpgp-archive@lists.ietf.org; Mon, 08 Jan 2007 10:52:37 -0500
Received: from balder-227.proper.com ([192.245.12.227]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1H3wna-0006wi-Fl for openpgp-archive@lists.ietf.org; Mon, 08 Jan 2007 10:52:37 -0500
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l08FMrA5047096 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 8 Jan 2007 08:22:53 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id l08FMrOJ047095; Mon, 8 Jan 2007 08:22:53 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from www2.futureware.at ([217.19.43.211]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l08FMqCq047087 for <ietf-openpgp@imc.org>; Mon, 8 Jan 2007 08:22:52 -0700 (MST) (envelope-from iang@systemics.com)
Received: from [127.0.0.1] (localhost [127.0.0.1]) by www2.futureware.at (Postfix) with ESMTP id 4AF5F2262DE; Mon, 8 Jan 2007 16:22:54 +0100 (CET)
Message-ID: <45A261D9.5030302@systemics.com>
Date: Mon, 08 Jan 2007 16:23:05 +0100
From: Ian G <iang@systemics.com>
User-Agent: Thunderbird 1.5.0.9 (Macintosh/20061207)
MIME-Version: 1.0
To: Levi Broderick <lpb@ece.cmu.edu>
Cc: ietf-openpgp@imc.org
Subject: Re: Packet length: header vs. context
References: <459ECBC5.3010101@ece.cmu.edu> <459FADA8.20204@systemics.com> <45A1801E.5070804@ece.cmu.edu>
In-Reply-To: <45A1801E.5070804@ece.cmu.edu>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 39bd8f8cbb76cae18b7e23f7cf6b2b9f

Levi Broderick wrote:
> Ian G wrote:
> 
>> Finally, the ID has passed the point of minor tweaks.  We've been at
>> this for a decade now.  No more changes please, seal the document and
>> let's move on.  I vote NO to any changes, even without knowing what they
>> are ;)
> 
> Of course!
> 
> The reason for my original question was that I was unsure if such a
> packet could be used to undermine the security of any protocols in the
> system.  Now that I think about it, though, I don't see how it could be
> done.


Always worth probing, as long as you don't mind the cringing 
of those fearful of yet more changes to the Doc :)

> It's unlike other attacks that use the software as an oracle
> since public key information is - well - public. :)


Just a minor quibble:  just because a key is named "public", 
it doesn't mean it is public.  The key marked as "public" is 
to be sent to your counterparty ... and we need to be 
careful to not confuse counterparty with "the whole world."

(I say this because I recently saw a discussion where a CA's 
criteria for audit specified that the public keys had to be 
published in public ... and the CA in question deliberately 
does not publish public keys ... because that might breach 
privacy rules ... )

iang