Issue1572

Title: Privacy Leak in Version: and Comment: header
Priority: bug
Status: resolved
Category: gnupg
Nosy List: naif

Created on 2013-11-24.16:45:08 by naif, last changed 2013-11-28.16:44:15 by werner.

Messages
msg4873 Author: naif Date: 2013-11-27.14:55:04
Hi Werner,

thanks! So, for GnuPG "Version:" we are ok. 

I'm going to push forward the other application authors to disable the Comment:
field, at least removing the version information.
msg4872 Author: werner Date: 2013-11-27.14:49:11
There is no comment header by default.  Adding an extra option to disable it
does not make much sense - if application authors want them you need to convince
them. They are sometimes even used to convey meta information and thus a change
here would break some applications.
msg4871 Author: naif Date: 2013-11-27.11:04:31
Would it be possible also to provide a switch to prevent/filter out the adding of
"Comment:" header by default?

As I did notice that all software using GnuPG add a "Comment:" version with
additional "version leak" (such as EnigMail, MacGPG, etc).

I think that would be valuable if GnuPG would, by default, filter out the
"Comment:" header unless a specific command line switch is enabled.

A Default that does not allow "Comment:" by default.

A command line switch, like --enable-comment-header, to enable it.

That way, most of the software integrating GnuPG, when upgrading will need to
manage this condition and, by default, they will not leak additional information
in the "Comment:" header.

What do you think?
msg4870 Author: werner Date: 2013-11-27.10:05:54
The new default is now

  Version: GnuPG v1

with --emit-version you can add more info and with --no-emit-version the version
line is removed as before.  Pushed to all branches.  A new 1.4 release is due
next month.
msg4869 Author: werner Date: 2013-11-26.20:15:25
Yeah, that is a very old discussion on whether version numbers are good or
bad security wise.  IIRC, we had such a discussion again on the GnuPG users
list a few months before the snow.

Distinguishing between GnuPG-1 and GnuPG-2 would still be useful so to see
whether 1 is still in use.  Dropping the exact version number and the OS is fine
with me.

gpg can't do anything about permitting - the user may do what s/he wants. Using
sed is actually a fine way to insert whatever one likes and that is nothing
gpg can avoid.
msg4868 Author: naif Date: 2013-11-24.17:01:20
Added GPGtools ticket
http://support.gpgtools.org/discussions/everything/13667-privacy-leak-in-version-and-comment-header
msg4867 Author: naif Date: 2013-11-24.16:54:00
A discussion on this issue started on liberationtech mailing list on
https://mailman.stanford.edu/pipermail/liberationtech/2013-November/012239.html
msg4866 Author: naif Date: 2013-11-24.16:49:15
This issue has been reported also on Enigmail
https://sourceforge.net/p/enigmail/bugs/215/
msg4865 Author: naif Date: 2013-11-24.16:45:08
It has been noted that there are some quite important privacy leaks in the
OpenPGP "Version:" and "Comment:" headers, which usually contain very sensitive
information regarding the software version used.

In the age of NSA XKEYSCORE, this kind of information does provide a very
important weakness.
The Adversary capable of massively monitoring communications, profiling who
encrypts their email communications, can profile the exact version of encryption
software used, waiting for a vulnerability to be found.
When a vulnerability is found for the exact version of the encryption software
used, the adversary can exploit the "exposure window" by having a prior
knowledge of the end-point encryption software weakness.

This ticket is to improve GnuPG not to permit, by default, to insert any kind of
"Version:" and "Comment:" headers, unless the end-user explicitly requires to do
so with a command line argument or a configuration line.
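
An added example, not part of the original thread or of GnuPG: a Python filter that applies the policy discussed above to messages that were already produced, dropping "Comment:" and detailed "Version:" armor headers while keeping a major-only value such as "GnuPG v1". Armor headers lie outside the signed data and the armor checksum, so the message still verifies; the function name, the always-drop-"Comment:" policy and the sample message are assumptions of this example.

```python
import re

BEGIN = re.compile(r"^-----BEGIN PGP [A-Z0-9 ,/]+-----\s*$")
GENERIC_VERSION = re.compile(r"^GnuPG v\d+$")  # e.g. the new default "GnuPG v1"

def scrub_armor_headers(text):
    """Drop Comment: and detailed Version: armor headers; return (text, removed)."""
    kept, removed, in_headers = [], [], False
    for line in text.splitlines():
        if BEGIN.match(line):
            in_headers = True        # armor headers follow the BEGIN line
        elif in_headers and not line.strip():
            in_headers = False       # the first blank line ends the header section
        elif in_headers:
            key, _, value = line.partition(":")
            key, value = key.strip().lower(), value.strip()
            # Policy assumed here: Comment: always goes, Version: only if detailed.
            leaky = key == "comment" or (
                key == "version" and not GENERIC_VERSION.match(value))
            if leaky:
                removed.append(line)
                continue
        kept.append(line)            # Hash:, message text and base64 data pass through
    return "\n".join(kept) + "\n", removed

# Constructed sample: header values and signature data are made up for illustration.
SAMPLE = """-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Comment: this line is message text, not an armor header
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.99 (ExampleOS)
Comment: ExampleMailer 9.9 (constructed)

iQEcBAEBCAAGBQJSconstructedNotARealSignature
=AbCd
-----END PGP SIGNATURE-----
"""

if __name__ == "__main__":
    cleaned, removed = scrub_armor_headers(SAMPLE)
    for line in removed:
        print("removed:", line)
    print(cleaned, end="")
```

As msg4872 notes, some applications use "Comment:" to convey meta information, so a filter like this can break them.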
History
Date                 User    Action  Args
2013-11-28 16:44:15  werner  set     status: chatting -> resolved
2013-11-27 14:55:04  naif    set     messages: + msg4873
2013-11-27 14:49:11  werner  set     messages: + msg4872
2013-11-27 11:04:31  naif    set     status: resolved -> chatting; messages: + msg4871
2013-11-27 10:05:55  werner  set     status: chatting -> resolved; messages: + msg4870
2013-11-26 20:15:25  werner  set     messages: + msg4869
2013-11-24 17:01:20  naif    set     messages: + msg4868
2013-11-24 16:54:00  naif    set     messages: + msg4867
2013-11-24 16:49:15  naif    set     status: unread -> chatting; messages: + msg4866
2013-11-24 16:45:08  naif    create