-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Jan 7, 2007, at 3:19 PM, Levi Broderick wrote:
The reason for my original question was that I was unsure if such a
packet could be used to undermine the security of any protocols in the
system. Now that I think about it, though, I don't see how it
could be
done. It's unlike other attacks that use the software as an oracle
since public key information is - well - public. :)
In the pre-OpenPGP protocols, there were "comment" packets. We
removed them because people worried about them being a "covert"
channel. I put "covert" in quotes because the specific case Jeff
Schiller (then Security AD) gave was of an implementation that
lowered the security to 40 bits by putting N-40 in a comment. This is
also why the marker packet is defined the way it is.
I remember talking to Jeff and said that someone could stick anything
in packet slack space. He said, "That's different. We shouldn't give
a *defined* place for a covert channel." He was right.
A sufficiently devious person can put covert channels nearly
anywhere. (This is why steganography isn't an interesting discipline.
It's very easy to think of mats to leave keys under.) You could, for
example, leak key bits or even code a secondary message in OpenPGP
with partials. Imagine that each partial is a bit, denoted by log2
(size) & 1. Whee.
Jon
-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 2.5.2
Charset: US-ASCII
wj8DBQFFoYtMsTedWZOD3gYRAjCiAJ42W7RYoN+KZ63mZUxypbiHcLrzvwCfXZgh
CMmAF1nfvL1k9zUQKkUIiJ8=
=G8Mw
-----END PGP SIGNATURE-----