On Mar 20, 2019, at 5:30 PM, Gregory Maxwell <gmaxwell(_at_)gmail(_dot_)com>
wrote:
https://mailarchive.ietf.org/arch/msg/openpgp/rG-X9rp2jlbyACoosnbxRXjCeys
I buy the combining encryption with compression being useful
argument... but at the same time, openpgp compression is increasingly
far from the state-of-the-widespread-art (e.g. xz) and there probably
isn't much interest in updating it to chase the state of the art
compression (and for short human texts, I think recent machine
learning progress look like they're resulting in significantly higher
amounts of compression, -- just no one has productionized that work
yet).
I almost brought up that case, as I find it interesting and compelling, but
it’s not the case we’re dealing with here, and I thought it would be some
combination of trollish and a straw man, so I didn’t.
This is a case where there’s an issue. For those wanting a TL;DR, someone
created a text ballot that got encrypted with OpenPGP and sent in an email.
Because the encrypted ballot a single question and compressed to a different
size, so you could tell who someone voted for by the size of the ballot (all
other things being equal). [1]
This is a problem that’s worth looking at. (Also, I feel like I am a broken
record here.) There is an existing workaround for this issue, and that’s to put
a no-compression preference on the key people encrypt to.
I believe this is yet another reason why the implementations might want to move
towards compression off by default.
That wasn’t what was said at the time — at the time, the debate was that
because of this problem, compression should be banned in the standard, which is
not only more problematic (as we’re seeing now, there are a lot of people who
depend on it), and the slower way to handle things.
I am quite sure you’re frustrated, and I am too. I agree that we ought to phase
out compression, and there are a number of reasons for it. This is one of those
reasons. I’m sure that I frustrate you, too, because I consider that case to be
a minor reason. We are, however, on the same side on outcomes. Let’s
concentrate on the outcome we agree with.
Jon
[1] Getting rid of encryption does not completely solve the ballot problem; you
still need to design the ballot properly. Here’s the counter example: Consider
a ballot where someone writes in either “Alice” or “Bob.” This ballot leaks the
choice because Alice’s votes are two bytes longer in length. A ballot that
ships “[ ] Alice [ ] Bob” and asks to put an X between the appropriate brackets
is much better ballot construction. It’s still possible to get that one wrong,
too, either by accident or on purpose.
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp