On 4/15/15 at 2:08 PM, jon(_at_)callas(_dot_)org (Jon Callas) wrote:
Someone could wave their hand at you and give a security
reason, but it's just a handwave. The reality is that it is
*better* to have a simpler processing path than smaller messages.
Phil said, "Compression provides an oracle for the plaintext".
This attack works on TLS when used by web pages. AFAIK, it
requires that the attacker be able to control some data being
compressed which is compressed before the data he is trying to
steal. I think it also requires multiple attacks.
While I don't know any PGP use cases that match these
requirements, I don't think any of us know all the use cases,
present and future. If the application/user wants to compress,
it is straight forward to implement outside PGP, and not having
compression simplifies the code (in the long term), and avoids
what is at least a theoretical attack.
CHeers - Bill
-----------------------------------------------------------------------
Bill Frantz | Privacy is dead, get over | Periwinkle
(408)356-8506 | it. | 16345
Englewood Ave
www.pwpconsult.com | - Scott McNealy | Los Gatos,
CA 95032
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp