[Cfrg] TLV vs Compression
James Cloos <cloos@jhcloos.com> Sat, 12 July 2014 01:49 UTC
Return-Path: <cloos@jhcloos.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2D13E1B2A02 for <cfrg@ietfa.amsl.com>; Fri, 11 Jul 2014 18:49:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.652
X-Spam-Level:
X-Spam-Status: No, score=-2.652 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.651, SPF_PASS=-0.001] autolearn=unavailable
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ilp02h6ZI--A for <cfrg@ietfa.amsl.com>; Fri, 11 Jul 2014 18:49:30 -0700 (PDT)
Received: from ore.jhcloos.com (ore.jhcloos.com [198.147.23.85]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2B3351A00CD for <cfrg@irtf.org>; Fri, 11 Jul 2014 18:49:30 -0700 (PDT)
Received: by ore.jhcloos.com (Postfix, from userid 10) id 357F91DFE6; Sat, 12 Jul 2014 01:49:29 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jhcloos.com; s=ore14; t=1405129769; bh=0JpBaLK3D94w96PEijaH9cfY66bLwl31237woxDC5Jo=; h=From:To:Subject:Date:From; b=ph/21qgsKXqolNT4MZHJKE0y5xnmBN1yd2zYbS0JgVt/TPFGH7G0K1TlP1iJMawiZ 4uwMF8JdKANj732Z67i1CJCZt2eibaxr9Oaz0LNkSrUg/nRIMnpMN2TcJ+6mvUOxNX TFouKdJ1Q1SYNnZe8CCbS0ua1atKuW9BdyT3VT4c=
Received: by carbon.jhcloos.org (Postfix, from userid 500) id 554BB6002D; Sat, 12 Jul 2014 01:36:53 +0000 (UTC)
From: James Cloos <cloos@jhcloos.com>
To: cfrg@irtf.org, tls@ietf.org
User-Agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/24.4.50 (gnu/linux)
Face: iVBORw0KGgoAAAANSUhEUgAAABAAAAAQAgMAAABinRfyAAAACVBMVEX///8ZGXBQKKnCrDQ3 AAAAJElEQVQImWNgQAAXzwQg4SKASgAlXIEEiwsSIYBEcLaAtMEAADJnB+kKcKioAAAAAElFTkSu QmCC
Copyright: Copyright 2014 James Cloos
OpenPGP: 0x997A9F17ED7DAEA6; url=https://jhcloos.com/public_key/0x997A9F17ED7DAEA6.asc
OpenPGP-Fingerprint: E9E9 F828 61A4 6EA9 0F2B 63E7 997A 9F17 ED7D AEA6
Date: Fri, 11 Jul 2014 21:36:53 -0400
Message-ID: <m3pphbwe6i.fsf@carbon.jhcloos.org>
Lines: 18
MIME-Version: 1.0
Content-Type: text/plain
X-Hashcash: 1:30:140712:cfrg@irtf.org::ZqQLepdbwgqFozmb:000yJE9v
X-Hashcash: 1:30:140712:tls@ietf.org::ICdn1RQwSVqZOZTV:0000aY1Zg
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/CxAgiJqnW2kVMtV-q3_7bAt2XKc
Subject: [Cfrg] TLV vs Compression
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sat, 12 Jul 2014 01:49:32 -0000
My understanding is that tls with compression is vulnerable due to allowing unauthenticated initiators, which permits an oracle attack. If so, does it follow that a tls-like protocol, which enables compression only when symetric key negotiation uses temporal secrets (ie, the pfs concept), when mutual authentication is done, and only for application-level data, would be safe from compression-specific attacks? Or posed differently, if an application knows that the tls socket uses pfs and is mutually authenticated, is it ever safe for *it* to compress the data it sends over said socket? And for sockets which are only half-authenticated, can it be secure for the side which authenticated its peer to compress its own outgoing data? -JimC -- James Cloos <cloos@jhcloos.com> OpenPGP: 0x997A9F17ED7DAEA6
- [Cfrg] TLV vs Compression James Cloos