On Mon, Nov 09, 2020 at 02:10:31PM +0100, Marcus Brinkmann wrote:
Hi,
Thanks for reminding me about previous efforts for header protection. We
mention Memory Hole in the paper, but a longer discussion had to be left
out because of the page limit.
The main point to keep in mind is that if protected headers are
encrypted, they can't be verified before decryption. This means that
there is a window for an attacker to potentially exploit. The semantics
of AEAD ensure that no unauthenticated plaintext is emitted, closing
this gap conclusively.
Having two (or more!) sets of headers, one unprotected and one
protected, can also be very error prone and lead to usability issues.
Previous efforts have focussed on privacy, rather than as a defense to
attacks. That said, our analysis of headers used in REPLY actions should
be very relevant to other efforts protecting headers as well.
Indeed, and thanks again.
-Ben
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp