Paul Smith <paul(_at_)pscs(_dot_)co(_dot_)uk> writes:
If you do per-message compression, then I can't really see how something
like CRIME could possibly work. CRIME seems to work by using the same
compression stream over known and unknown data, so by seeing how it
compresses, you can infer something about the unknown data because you
know the known data and how the compressor works. Also, it's a 'divide
and conquer' system, so needs lots of transactions - possibly
exponentially more the bigger the compressed data is.
The potential for an attack like this on per-message encryption comes from
the fact that the leading data in email messages is fairly predictable
(the same few headers, and a given client is likely to generate them in
roughly the same order). That's where you get the known data from.
Of course, this is way worse with the full SMTP dialog, since the various
SMTP-level commands are even more predictable. But at least in theory one
might be able to derive some information about the contents of messages by
using the known text in the message headers. (In practice, I think this
would be substantially harder than CRIME.)
--
Russ Allbery (eagle(_at_)eyrie(_dot_)org)
<http://www.eyrie.org/~eagle/>
_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp