ietf-openpgp

Re: [openpgp] Message padding in OpenPGP

2019-09-27 06:18:30

Hiya,

On 27/09/2019 11:42, Daniel Kahn Gillmor wrote:
> On Fri 2019-09-27 01:41:55 +0100, Stephen Farrell wrote:
> > On 27/09/2019 00:12, Daniel Kahn Gillmor wrote:
> > > The ideal place to apply padding is at the application layer
> >
> > That's not clear to me. It may be true or it may not.
> > (Perhaps that's just me being suspicious of terms like
> > "ideal" though:-)
> >
> > As a (possible) counter-example, application layer code
> > is perhaps not (yet) well positioned to deal with padding
> > of both DNS and application layer traffic, all at once.
>
> i agree with your concerns, Stephen, though maybe not the specific
> wording.  :) I mean, DNS *is* application layer traffic, right?

Yep, you're right - I should've said "DNS and other
application layer traffic."


> But you're right, as we move toward multiplexed application layer
> protocols within a standard encryption layer (e.g. DNS over HTTPS on the
> same endpoint that is serving "normal" HTTPS traffic as well), the
> padding designs needed to mitigate size-based traffic analysis require
> some sort of systemic reasoning about the combination of the application
> layers involved.
>
> So maybe the better way to say this is that padding policy should be
> designed and set based on the encryption layer's properties (and padding
> capabilities) and the union of all the traffic that is expected to be
> encapsulated by that layer.

That's better yes. I'm not sure it's correct yet though,
but I don't know how to properly characterise it myself
as tricky corner cases abound. For example, a browser
that does DoH to a local-ish recursive might be slightly
better off padding HTTPS traffic differently from that
same browser when the DoH server is more topologically
remote. But that's definitely taking us out of the scope
of PGP. Good topic for pearg [1] though I guess.

Cheers,
S.

[1] https://irtf.org/pearg

> --dkg
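
The DoH-on-a-shared-HTTPS-endpoint scenario discussed in this thread, as an added toy model that is not part of the thread or of any OpenPGP implementation: two padding policies are applied to constructed record sizes, and the model measures how often a passive observer can tell which application layer produced a record from its padded size alone. The sample sizes, the 128/1024-byte increments and the bucket ladder are all assumptions chosen for illustration.

```python
"""Toy model: per-layer padding vs. a policy set over the union of traffic."""
from collections import defaultdict

# Constructed sample (not measured data): plaintext record sizes in bytes for
# DNS-over-HTTPS queries and ordinary HTTPS requests behind one TLS endpoint.
SAMPLE_TRAFFIC = [
    ("doh", 61), ("doh", 73), ("doh", 88), ("doh", 95), ("doh", 120),
    ("web", 310), ("web", 742), ("web", 1480), ("web", 2900), ("web", 4200),
]

def pad_to_multiple(length, block):
    """Pad up to the next multiple of `block` (fixed-increment padding)."""
    return -(-length // block) * block

def pad_to_bucket(length, buckets):
    """Pad up to the smallest bucket that fits; `buckets` must be ascending."""
    for size in buckets:
        if length <= size:
            return size
    raise ValueError(f"{length} exceeds largest bucket {buckets[-1]}")

def per_layer_policy(layer, length):
    """Each application layer pads without knowing about the other
    (assumed: DoH to 128-byte multiples, the web stack to 1024-byte multiples)."""
    return pad_to_multiple(length, 128 if layer == "doh" else 1024)

# Assumed ladder chosen for the union of traffic: the floor is large enough
# that a DoH query lands in the same size class as a small web request.
UNION_BUCKETS = (512, 1024, 2048, 4096, 8192)

def union_policy(layer, length):
    """One policy for everything the encryption layer carries."""
    return pad_to_bucket(length, UNION_BUCKETS)

def distinguishable_fraction(policy, traffic=SAMPLE_TRAFFIC):
    """Fraction of records whose padded size occurs for exactly one layer,
    i.e. records an observer can attribute to a layer by size (lower is better)."""
    layers_by_size = defaultdict(set)
    for layer, length in traffic:
        layers_by_size[policy(layer, length)].add(layer)
    leaked = sum(1 for layer, length in traffic
                 if len(layers_by_size[policy(layer, length)]) == 1)
    return leaked / len(traffic)

if __name__ == "__main__":
    for name, policy in (("per-layer", per_layer_policy), ("union", union_policy)):
        print(f"{name:9s} policy: {distinguishable_fraction(policy):.0%} of "
              "records reveal their application layer by size")
```

With the sample above, the per-layer policy leaves every record attributable (100%) because the two layers never share a padded size, while the union policy drops that to 40%; which floor and ladder are right for real traffic is exactly the "systemic reasoning" the thread calls for.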
