Re: [Shutup] [ietf-smtp] Compressing SMTP streams

Kim Alvefur <zash@zash.se> Fri, 29 January 2016 19:31 UTC

Return-Path: <zash@zash.se>
X-Original-To: shutup@ietfa.amsl.com
Delivered-To: shutup@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 663F11B3250 for <shutup@ietfa.amsl.com>; Fri, 29 Jan 2016 11:31:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.551
X-Spam-Level:
X-Spam-Status: No, score=-1.551 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_SE=0.35, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IfH2jISVJVEu for <shutup@ietfa.amsl.com>; Fri, 29 Jan 2016 11:31:29 -0800 (PST)
Received: from mail.zash.se (ip66.hethane.riksnet.nu [85.11.25.66]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DCF8C1B324A for <shutup@ietf.org>; Fri, 29 Jan 2016 11:31:28 -0800 (PST)
Received: from localhost (localhost [::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.zash.se (Postfix) with ESMTPSA id 23DAD60168; Fri, 29 Jan 2016 20:31:25 +0100 (CET)
To: John Levine <johnl@taugh.com>, shutup@ietf.org
References: <20160129180713.51570.qmail@ary.lan>
From: Kim Alvefur <zash@zash.se>
Openpgp: id=3E52119EF853C59678DBBF6BADED9A77B67AD329; url=http://zash.se/~zash/pubkey.asc
X-Enigmail-Draft-Status: N1110
Message-ID: <56ABBE0C.7060701@zash.se>
Date: Fri, 29 Jan 2016 20:31:24 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Icedove/38.5.0
MIME-Version: 1.0
In-Reply-To: <20160129180713.51570.qmail@ary.lan>
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="N8HCciFxheaDR1s24njorXD0H5TxwBEF0"
Archived-At: <http://mailarchive.ietf.org/arch/msg/shutup/-zWUsTeBDWOUJHnydAclCFjynXs>
Subject: Re: [Shutup] [ietf-smtp] Compressing SMTP streams
X-BeenThere: shutup@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: SMTP Headers Unhealthy To User Privacy <shutup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/shutup>, <mailto:shutup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/shutup/>
List-Post: <mailto:shutup@ietf.org>
List-Help: <mailto:shutup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/shutup>, <mailto:shutup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Jan 2016 19:31:31 -0000

Hi,

On 01/29/2016 07:07 PM, John Levine wrote:
>> Compression has been removed completely from TLS v1.3, the outcome of 
>> the room consensus at IETF-89.
> 
> Bummer.
> 
> Well, in that case, here's a straw man proposal.
> 
> The extension name is COMPRESS, the EHLO keyword is COMPRESS and is
> followed by a space-separated list of compression schemes, currently
> consisting only of DEFLATE (RFC 1951.)

The XMPP community having an application layer compression extension
protocol already, <http://xmpp.org/extensions/xep-0138.html>, it is
pretty much like your proposal.

While CRIME may be less applicable to non-HTTP-protocols, such attacks
are not impossible, as demonstrated by Thijs Alkemade a few years back:

https://blog.thijsalkema.de/blog/2014/08/07/https-attacks-and-xmpp-2-crime-and-breach/

http://mail.jabber.org/pipermail/standards/2014-October/029215.html

The takeaway here is to 1) not allow compression until after any
authentication has been done and 2) flush the compression state between
messages (if the sever supports sending multiple messages over the same
SMTP session).

-- 
Kim "Zash" Alvefur