ietf-openpgp
[Top] [All Lists]

Re: [openpgp] Disabling compression in OpenPGP

2014-03-20 09:09:39
On 20/03/2014 13:56 pm, Alfredo Pironti wrote:

In this discussion, the "input distribution" argument has already been
debunked: a good crypto scheme works equally well regardless of the input
distribution.

Also attacks that seemed to be thwarted by compression turned out to be
actually thwarted by the different message format that compression implies.

What other security arguments would remain in favor of compression?


At the margin, if a protocol finds itself finding 2x sized messages, it
may simply fail.  This leads to a security failure if the result is that
the user switches away or does something else like cleartext message
delivery (the failure known as S/MIME).

This is a very meta-argument, in that usability over time is more
important than anything else.  It's not a particularly good theoretical
argument because it lacks context, it's more like one of those
unforeseen consequences you can only find out by trying it.  We may find
on trying it that we lose half our user base because all their backups
break;  or we may not.

It's also the case that we tend to prefer to protect our existing users
and their apps more than we tend to help people who aren't as yet firmly
in that set and dependent.  This is a tendency that I argue against
vociferously in any other context except an IETF WG ;)

Or in simpler terms, if it ain't broke, don't fix it.



iang, amused that I find myself defending the old, crusty ways!

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp