WKD proper behavior on fetch error
Neal H. Walfield
neal at walfield.org
Sat Jan 23 23:33:16 CET 2021
On Fri, 22 Jan 2021 23:59:36 +0100,
Andrew Gallagher via Gnupg-users wrote:
> On 22/01/2021 17:29, Daniel Kahn Gillmor via Gnupg-users wrote:
> > this is a non-backward-compatible change to the format, so i think
> > that's probably not a great outcome.
>
> I can't help thinking that length fingerprinting and padding oracles are
> a general concern, and therefore more appropriately solved at a lower
> layer of the network stack.
Padding needs to happen as close to the application as possible.
Consider the case where an application has two possible responses: a 1
bit response and a 100 MB response. Most padding schemes won't
obfuscate these two responses. Using dkg's suggestion, all 1-bit
responses would be padded to 4k and hence all responses would still be
fully distinguishable.
For a padding scheme to be useful, many different types of messages
must end up in the same size bucket. Ensuring that requires
application-specific knowledge.
Neal
More information about the Gnupg-users
mailing list