On Fri, 22 Jan 2021 23:59:36 +0100,
Andrew Gallagher via Gnupg-users wrote:
> On 22/01/2021 17:29, Daniel Kahn Gillmor via Gnupg-users wrote:
> > this is a non-backward-compatible change to the format, so i think
> > that's probably not a great outcome.
>
> I can't help thinking that length fingerprinting and padding oracles are
> a general concern, and therefore more appropriately solved at a lower
> layer of the network stack.

Padding needs to happen as close to the application as possible. Consider the case where an application has two possible responses: a 1 bit response and a 100 MB response. Most padding schemes won't obfuscate these two responses. Using dkg's suggestion, all 1-bit responses would be padded to 4k and hence all responses would still be fully distinguishable. For a padding scheme to be useful, many different types of messages must end up in the same size bucket. Ensuring that requires application-specific knowledge.

Neal
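
The distinguishability argument in the message above, as an added example that is not part of the original post. It assumes "padded to 4k" means rounding up to a multiple of 4096 bytes, uses a constructed set of response types and sizes (1 byte stands in for the 1-bit response), and all function names are hypothetical.

```python
from collections import defaultdict

BLOCK = 4096                      # assumption: "4k" = multiple of 4096 bytes
BIG = 100 * 1024 * 1024           # the 100 MB response from the message

# Constructed sample: response types and their plaintext sizes in bytes.
RESPONSES = {"ack": 1, "error": 120, "status": 900,
             "key_listing": 3000, "full_export": BIG}

def pad_to_block(size, block=BLOCK):
    """Generic padding: round up to the next multiple of `block`."""
    return max(1, -(-size // block)) * block

def pad_app_buckets(size, buckets):
    """Application-chosen buckets: pad to the smallest bucket that fits."""
    for b in sorted(buckets):
        if size <= b:
            return b
    raise ValueError("message larger than the largest bucket")

def size_classes(responses, pad):
    """Group response types by the length an observer sees on the wire."""
    classes = defaultdict(set)
    for name, size in responses.items():
        classes[pad(size)].add(name)
    return dict(classes)

def padding_overhead(responses, pad):
    """Total padding bytes added if each response type is sent once."""
    return sum(pad(size) - size for size in responses.values())

def single_bucket(size):
    """One bucket sized from application knowledge of the largest response."""
    return pad_app_buckets(size, [BIG])

if __name__ == "__main__":
    for label, pad in (("4k blocks", pad_to_block),
                       ("single app bucket", single_bucket)):
        print(label)
        for wire_len, names in sorted(size_classes(RESPONSES, pad).items()):
            print(f"  {wire_len:>11} bytes: {sorted(names)}")
        print(f"  padding overhead: {padding_overhead(RESPONSES, pad)} bytes")
```

With 4k blocks the large response sits alone in its size class, so its length still identifies it; putting it in the same bucket as the small responses hides it, at the overhead the second figure shows.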