Gregory Maxwell <gmaxwell(_at_)gmail(_dot_)com> writes:
On Tue, Mar 18, 2014 at 9:00 AM, Alfredo Pironti
<alfredo(_dot_)pironti(_at_)inria(_dot_)fr> wrote:
I believe similar attacks can be mounted in different contexts where OpenPGP
is used. Hence, I propose to start discussion to amend RFC 4880 to at least
discourage (if not forbid) the use of compression.
OpenPGP compression (well, the unawareness there-of) compromised the privacy
of the Wikimedia Foundation board election a couple years ago. Users
publically
submitted ballots encrypted to the election officials, the ballots
were constant length
but the compression trivially revealed information about their content.
If it isn't disabled it may be useful to quantize the size somewhat
for a minor overhead
in order to reduce the information leak somewhat.
TLS allow implementations to randomly pad messages to mitigate these
attacks, could something similar be what OpenPGP needs?
/Simon
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp