Re: [openpgp] Disabling compression in OpenPGP
Gregory Maxwell <gmaxwell@gmail.com> Tue, 18 March 2014 16:08 UTC
Return-Path: <gmaxwell@gmail.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E70011A041D for <openpgp@ietfa.amsl.com>; Tue, 18 Mar 2014 09:08:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bPjuv0KZEkKP for <openpgp@ietfa.amsl.com>; Tue, 18 Mar 2014 09:08:07 -0700 (PDT)
Received: from mail-lb0-x235.google.com (mail-lb0-x235.google.com [IPv6:2a00:1450:4010:c04::235]) by ietfa.amsl.com (Postfix) with ESMTP id 7D9FC1A02F5 for <openpgp@ietf.org>; Tue, 18 Mar 2014 09:07:53 -0700 (PDT)
Received: by mail-lb0-f181.google.com with SMTP id c11so4986685lbj.12 for <openpgp@ietf.org>; Tue, 18 Mar 2014 09:07:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=v+jUwAUkhxNsJ44hg7EDBJeI+XTaY8O3e9rOUWvoNc8=; b=WnYMBjgAtWeFUYiKDlHlxtRW6NhWrqr5sDPWEslNq6AEk6VQQHyYez7MqweGix2aC0 7RjazUEsL+mIEy5x4xSIKpfMTLTg1Loel2JJ1UnVBKsa57UpH3FBOGJE+GmofIT4Owe9 P/38PfGGH8kVvNZXrPbwctQJqz3lgkt1DPDsyG/WUqH9jTTjM3NOhJBhyqIS1B4kBoQD g686tXQPCgYUo/FCyqAUI8AL/kWMpLW5JrBgugU7sq5IrenDWH9VCPlxKOOE3JoQKx6N UWnb177hZM+eXXsifImyQsu+gWX3Um71ab6EEsan29frW51XdlYlXYcoQeQ0brDsJs8a IFQQ==
MIME-Version: 1.0
X-Received: by 10.112.254.163 with SMTP id aj3mr20752591lbd.20.1395158864415; Tue, 18 Mar 2014 09:07:44 -0700 (PDT)
Received: by 10.112.184.226 with HTTP; Tue, 18 Mar 2014 09:07:44 -0700 (PDT)
In-Reply-To: <CALR0uiJG6GcngWMUkg6NrP7_4uwf8+QDn6aMF-qonOpRMLdo3w@mail.gmail.com>
References: <CALR0uiJG6GcngWMUkg6NrP7_4uwf8+QDn6aMF-qonOpRMLdo3w@mail.gmail.com>
Date: Tue, 18 Mar 2014 09:07:44 -0700
Message-ID: <CAAS2fgS6_-4S4b-Dg2XeZdQjLUOx6=XQMmz53R53kyK_U+D_Pw@mail.gmail.com>
From: Gregory Maxwell <gmaxwell@gmail.com>
To: Alfredo Pironti <alfredo.pironti@inria.fr>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/openpgp/rG-X9rp2jlbyACoosnbxRXjCeys
Cc: openpgp@ietf.org
Subject: Re: [openpgp] Disabling compression in OpenPGP
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Mar 2014 16:08:10 -0000
On Tue, Mar 18, 2014 at 9:00 AM, Alfredo Pironti <alfredo.pironti@inria.fr> wrote: > I believe similar attacks can be mounted in different contexts where OpenPGP > is used. Hence, I propose to start discussion to amend RFC 4880 to at least > discourage (if not forbid) the use of compression. OpenPGP compression (well, the unawareness there-of) compromised the privacy of the Wikimedia Foundation board election a couple years ago. Users publically submitted ballots encrypted to the election officials, the ballots were constant length but the compression trivially revealed information about their content. If it isn't disabled it may be useful to quantize the size somewhat for a minor overhead in order to reduce the information leak somewhat.
- [openpgp] Disabling compression in OpenPGP Alfredo Pironti
- Re: [openpgp] Disabling compression in OpenPGP Gregory Maxwell
- Re: [openpgp] Disabling compression in OpenPGP Simon Josefsson
- Re: [openpgp] Disabling compression in OpenPGP Alfredo Pironti
- Re: [openpgp] Disabling compression in OpenPGP Jon Callas
- Re: [openpgp] Disabling compression in OpenPGP David Shaw
- Re: [openpgp] Disabling compression in OpenPGP Andrey Jivsov
- Re: [openpgp] Disabling compression in OpenPGP Alfredo Pironti
- Re: [openpgp] Disabling compression in OpenPGP Jon Callas
- Re: [openpgp] Disabling compression in OpenPGP Florian Weimer
- Re: [openpgp] Disabling compression in OpenPGP Alfredo Pironti
- Re: [openpgp] Disabling compression in OpenPGP Peter Todd
- Re: [openpgp] Disabling compression in OpenPGP Jon Callas
- Re: [openpgp] Disabling compression in OpenPGP Peter Todd
- Re: [openpgp] Disabling compression in OpenPGP Gregory Maxwell
- Re: [openpgp] Disabling compression in OpenPGP Jon Callas
- Re: [openpgp] Disabling compression in OpenPGP Peter Todd
- Re: [openpgp] Disabling compression in OpenPGP Gregory Maxwell
- Re: [openpgp] Disabling compression in OpenPGP Jon Callas
- Re: [openpgp] Disabling compression in OpenPGP ianG
- Re: [openpgp] Disabling compression in OpenPGP Peter Todd
- Re: [openpgp] Disabling compression in OpenPGP Gregory Maxwell
- Re: [openpgp] Disabling compression in OpenPGP Nicholas Cole
- Re: [openpgp] Disabling compression in OpenPGP Werner Koch
- Re: [openpgp] Disabling compression in OpenPGP Alfredo Pironti
- Re: [openpgp] Disabling compression in OpenPGP Werner Koch
- Re: [openpgp] Disabling compression in OpenPGP ianG
- Re: [openpgp] Disabling compression in OpenPGP Alfredo Pironti
- Re: [openpgp] Disabling compression in OpenPGP ianG
- Re: [openpgp] Disabling compression in OpenPGP ianG
- Re: [openpgp] Disabling compression in OpenPGP Hauke Laging
- Re: [openpgp] Disabling compression in OpenPGP Gregory Maxwell