On Sun, 28 Feb 2021, brian m. carlson wrote:
Is that a concern for openpgp ? openpgp is not an interactive protocol
where there is a server-client with possible MITM observing time spent?
People definitely do use OpenPGP for interactive uses where constant
time operations are relevant. For example, when you create a commit by
editing a file on GitHub, that commit will be signed by GitHub's private
key, which is an online use. This is hardly the only case where people
sign online.
While this is online, there is no negotiation to monitor where you can
learn anything based on timing, as you don't get errors back to do
timing on?
We've also seen cases where people do encryption and decryption online,
such as by sending an encrypted message to an API and getting back an
error or not depending on whether the message could be successfully
decrypted.
This does seem to be a case where constant time matters. I was not
aware that openpgp was used in such ways.
I agree that these are not the typical uses of OpenPGP, but people
definitely do use it for online operations, and therefore, we need to
properly consider them when we secure the protocol.
Sure, although if Curve448 has passed CFRG review, and other IETF
protocols are using it as well, I would think the algorithm would
be safe to use? And that constant time implementations will happen?
Especially since those other protocols like TLS or IKE would be much
more sensitive to this?
Paul
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp