
Re: [openpgp] Disabling compression in OpenPGP

2014-03-20 08:51:33
On 20/03/2014 11:55 am, Alfredo Pironti wrote:
> On Thu, Mar 20, 2014 at 12:25 PM, Werner Koch <wk(_at_)gnupg(_dot_)org> wrote:
>> On Wed, 19 Mar 2014 23:58, jon(_at_)callas(_dot_)org said:
>>> I'm really sorry your ballots got spoiled. But you can fix that with
>>> zero changes to software nor protocol.
>>
>> Yep.
>>
>> However, this is a problem of the voting protocol.
>
> It would be, if the voting protocol was prescribing compression, or was
> using ballots of different lengths.
>
> Instead, here OpenPGP is to blame because it silently slips in compression.


OpenPGP doesn't make any statement about whether it preserves the
length, up or down.  Typically crypto can enlarge a packet, or it can
shrink the packet.  It's complicated, we slap on some MACs and headers
and padding and stuff, so the packet ends up growing.  Then some of that
might be clawed back by compression or ratcheting or packet slicing or
whatever.

So we don't typically promise much about packet lengths.  This becomes a
bit more germane with say disk encryption, where for some reason people
insist on not losing much space, and it becomes convenient to encrypt
block for block.

It *also* becomes an analogous issue when emailing from one person to
another, as the trackability of names and times is an issue.

As soon as you start putting some attention on what the users are doing,
a generic broad protocol such as OpenPGP and also SSH and TLS and Skype
and etc start to show edge cases where they might not be quite perfect
for the task.  Which is why there is a continuous war going on between
the folks who say "use TLS and you're secure" and the folks who have to
protect real value.

It seems general-meets-specific brittleness has become an issue when
people have a single byte protocol such as the voting protocol in use.
It could be that OpenPGP could be improved for that protocol failure
case, at the expense of harming all the other people who love the
compression.

But actually, there is a wider question here.  Is the voting protocol
properly thought out, and is OpenPGP really the answer?

I doubt.  Voting is one of the really hard problems.  Most of the
old-timers I know here will be able to go in and rip the guts out of any
simple slapped-together voting protocol.  Most of the old-timers know
that voting protocols are very hard, and they don't get involved because
it's so darn depressing.

So I'd say, no.  OpenPGP isn't to blame at all, that I see. Voting is
hard, and I expect the people who put it together didn't do nearly
enough thinking, or perhaps they assumed too much.  I for one would not
use OpenPGP to do voting.  Or if I did, and it f**ked up, I'd say darn,
my fault, should have known better :)



iang

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
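An added illustration of the length point argued above (example code, not part of the thread or of any OpenPGP implementation). zlib/deflate stands in for OpenPGP's ZIP/ZLIB compressed-data packet, the sample ballots and the fixed size of 64 bytes are constructed, and encryption without compression is modelled as a constant-overhead pass-through of the plaintext.

```python
import zlib
import secrets

# Constructed sample ballots (not from the thread): different lengths and
# different redundancy, as a voting client might produce them.
BALLOTS = [b"no", b"yes", b"A" * 62]

FIXED_SIZE = 64  # assumed fixed ballot size after application-level padding


def pad_to_fixed(ballot: bytes, size: int = FIXED_SIZE) -> bytes:
    """Application-level normalisation: 2-byte length prefix, ballot, random
    fill, so every plaintext handed to the encryption layer has one size."""
    if len(ballot) > size - 2:
        raise ValueError("ballot too long for fixed size")
    body = len(ballot).to_bytes(2, "big") + ballot
    return body + secrets.token_bytes(size - len(body))


def padded_then_compressed(ballot: bytes) -> bytes:
    # Default OpenPGP behaviour modelled with zlib: the literal data is
    # compressed before encryption, so size depends on how compressible it is.
    return zlib.compress(pad_to_fixed(ballot), 9)


def padded_not_compressed(ballot: bytes) -> bytes:
    # Compression disabled: a non-compressing encryption layer only adds a
    # constant overhead, modelled here as returning the padded plaintext.
    return pad_to_fixed(ballot)


def distinct_lengths(ballots, transform) -> set:
    """Set of output sizes an observer of the ciphertext could distinguish."""
    return {len(transform(b)) for b in ballots}


def leaks(ballots, transform) -> bool:
    """True when the observable size depends on which ballot was cast."""
    return len(distinct_lengths(ballots, transform)) > 1


if __name__ == "__main__":
    print("raw ballots leak:          ", leaks(BALLOTS, lambda b: b))
    print("padded + compressed leak:  ", leaks(BALLOTS, padded_then_compressed))
    print("padded, uncompressed leak: ", leaks(BALLOTS, padded_not_compressed))
```

Padding alone is undone by the silent compression step: the repetitive ballot still shrinks while the random fill does not, so only fixed-size plaintext together with compression disabled gives a constant ciphertext size.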