Re: [openpgp] Disabling compression in OpenPGP

Gregory Maxwell <gmaxwell@gmail.com> Tue, 18 March 2014 16:08 UTC

Return-Path: <gmaxwell@gmail.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E70011A041D for <openpgp@ietfa.amsl.com>; Tue, 18 Mar 2014 09:08:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bPjuv0KZEkKP for <openpgp@ietfa.amsl.com>; Tue, 18 Mar 2014 09:08:07 -0700 (PDT)
Received: from mail-lb0-x235.google.com (mail-lb0-x235.google.com [IPv6:2a00:1450:4010:c04::235]) by ietfa.amsl.com (Postfix) with ESMTP id 7D9FC1A02F5 for <openpgp@ietf.org>; Tue, 18 Mar 2014 09:07:53 -0700 (PDT)
Received: by mail-lb0-f181.google.com with SMTP id c11so4986685lbj.12 for <openpgp@ietf.org>; Tue, 18 Mar 2014 09:07:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=v+jUwAUkhxNsJ44hg7EDBJeI+XTaY8O3e9rOUWvoNc8=; b=WnYMBjgAtWeFUYiKDlHlxtRW6NhWrqr5sDPWEslNq6AEk6VQQHyYez7MqweGix2aC0 7RjazUEsL+mIEy5x4xSIKpfMTLTg1Loel2JJ1UnVBKsa57UpH3FBOGJE+GmofIT4Owe9 P/38PfGGH8kVvNZXrPbwctQJqz3lgkt1DPDsyG/WUqH9jTTjM3NOhJBhyqIS1B4kBoQD g686tXQPCgYUo/FCyqAUI8AL/kWMpLW5JrBgugU7sq5IrenDWH9VCPlxKOOE3JoQKx6N UWnb177hZM+eXXsifImyQsu+gWX3Um71ab6EEsan29frW51XdlYlXYcoQeQ0brDsJs8a IFQQ==
MIME-Version: 1.0
X-Received: by 10.112.254.163 with SMTP id aj3mr20752591lbd.20.1395158864415; Tue, 18 Mar 2014 09:07:44 -0700 (PDT)
Received: by 10.112.184.226 with HTTP; Tue, 18 Mar 2014 09:07:44 -0700 (PDT)
In-Reply-To: <CALR0uiJG6GcngWMUkg6NrP7_4uwf8+QDn6aMF-qonOpRMLdo3w@mail.gmail.com>
References: <CALR0uiJG6GcngWMUkg6NrP7_4uwf8+QDn6aMF-qonOpRMLdo3w@mail.gmail.com>
Date: Tue, 18 Mar 2014 09:07:44 -0700
Message-ID: <CAAS2fgS6_-4S4b-Dg2XeZdQjLUOx6=XQMmz53R53kyK_U+D_Pw@mail.gmail.com>
From: Gregory Maxwell <gmaxwell@gmail.com>
To: Alfredo Pironti <alfredo.pironti@inria.fr>
Content-Type: text/plain; charset=UTF-8
Archived-At: http://mailarchive.ietf.org/arch/msg/openpgp/rG-X9rp2jlbyACoosnbxRXjCeys
Cc: openpgp@ietf.org
Subject: Re: [openpgp] Disabling compression in OpenPGP
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Mar 2014 16:08:10 -0000

On Tue, Mar 18, 2014 at 9:00 AM, Alfredo Pironti
<alfredo.pironti@inria.fr> wrote:
> I believe similar attacks can be mounted in different contexts where OpenPGP
> is used. Hence, I propose to start discussion to amend RFC 4880 to at least
> discourage (if not forbid) the use of compression.

OpenPGP compression (well, the unawareness there-of) compromised the privacy
of the Wikimedia Foundation board election a couple years ago.  Users publically
submitted ballots encrypted to the election officials, the ballots
were constant length
but the compression trivially revealed information about their content.

If it isn't disabled it may be useful to quantize the size somewhat
for a minor overhead
in order to reduce the information leak somewhat.