Adding a nounce before hashing as covert channel
Andrew Gallagher
andrewg at andrewg.com
Mon Dec 16 16:22:49 CET 2024
On 16 Dec 2024, at 14:51, Werner Koch <wk at gnupg.org> wrote:
>
>> taking plaintext covert channels as a serious threat. Also, v5
>> signatures have extra free-text fields (filename, timestamp) that are
>> hashed-in before the main document, rather than as subpackets.
>
> Yes, they can be used. But your WG removed the bug fix (i.e. hashing
> the meta data). And that is the very reason why it is not possible to
> support that new signing format.

Werner, *you* proposed a solution for this in the LibrePGP draft:

https://datatracker.ietf.org/doc/html/draft-koch-librepgp#section-5.2.3.33

> This subpacket MAY be used to protect the meta data from the Literal Data Packet with V4 signatures

I then proposed extending this mechanism to v6 signatures:

https://datatracker.ietf.org/doc/html/draft-gallagher-openpgp-literal-metadata

> This document introduces the missing integrity check by adopting and extending the "Literal Data Meta Hash" subpacket from [LIBREPGP], section 5.2.3.33.

And then *you* told *me* that it wasn’t worth the effort implementing the fix that *you* invented:

https://lists.gnupg.org/pipermail/librepgp-discuss/2024/000005.html

> Sure, you may use it for v6 signatures. But after all why should you do it, given that it was removed from crypto-refresh for some incomprehensible reason.

Are these serious questions for which people can propose serious answers, or is it just a gish gallop? Because it feels like we’ve been going around the same circles for over a year now.
A