Re: [Shutup] [ietf-smtp] Compressing SMTP streams

Aaron Zauner <> Sat, 06 February 2016 11:40 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id C894D1B2C6D for <>; Sat, 6 Feb 2016 03:40:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id LwORiqEn9H2R for <>; Sat, 6 Feb 2016 03:40:33 -0800 (PST)
Received: from ( [IPv6:2a00:1450:400c:c09::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id B185C1B2C6B for <>; Sat, 6 Feb 2016 03:40:32 -0800 (PST)
Received: by with SMTP id 128so101219970wmz.1 for <>; Sat, 06 Feb 2016 03:40:32 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=gmail; h=subject:mime-version:content-type:from:in-reply-to:date:cc :message-id:references:to; bh=bPlLjg9r6EGhhbzzTT6A9nb9DYcRG91RUa/dzTKGMdU=; b=OCNckXqd1YwQlUSfITtHViKhaH2kpBJLUkeFCZPsR8nw0YhvApss7c59Gf1j0bhoow jH4LRrjRq+MqAQz86PIX//sCHGPmz2aAP+x0qhOrYPw4uxoO+FhXih/FkCbVBRXO+YyV 4I8irw0WgWog8p/YE3BW4cZQTFBwbiP9g8XIk=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20130820; h=x-gm-message-state:subject:mime-version:content-type:from :in-reply-to:date:cc:message-id:references:to; bh=bPlLjg9r6EGhhbzzTT6A9nb9DYcRG91RUa/dzTKGMdU=; b=FC8EX+LniLzgNAGfhyI5lOqvbtAADaCHu1Pa+bWrVUipPlyw8kZt+EX6tlscw0h6xX UTYaAQbScOQq0mYuD9bXDTz4HNDBxQfwaLcK8vbanzQ9UAgJRat7r4p621Lv51Pc6fr0 n8Fde670VbqirY8n8bGm/vAUq8+P4IDdCklQR4S11rLQuqeU6Ux33ImrvjuON+FmQpLX A/0+1vclhjKI7A7COuzHlK12l3YJS/9N/d9vXMUEeKA+6hRMYEI7LGZ0tuHseEWvJgjd pCreWoAL0WTyLIX5MuZ1m1XBOmEEZMb1lzIrDWAaYJcrj+IDcT5O2MIvqNXjRwkWIcBG R9iQ==
X-Gm-Message-State: AG10YOQU+YtTvUc1IelxZ65SZdM6+pxX0cXz6h24LQAuVHKmBLSwfk3h5Oxogkpx6aIqxw==
X-Received: by with SMTP id g4mr18510624wje.120.1454758831290; Sat, 06 Feb 2016 03:40:31 -0800 (PST)
Received: from [] ([]) by with ESMTPSA id jc7sm20055125wjb.33.2016. (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Sat, 06 Feb 2016 03:40:29 -0800 (PST)
Mime-Version: 1.0 (Mac OS X Mail 9.2 \(3112\))
Content-Type: multipart/signed; boundary="Apple-Mail=_9705DC50-5026-4971-80E7-1DE0F96F0F49"; protocol="application/pgp-signature"; micalg=pgp-sha512
X-Pgp-Agent: GPGMail 2.6b2
From: Aaron Zauner <>
In-Reply-To: <>
Date: Sat, 6 Feb 2016 12:40:21 +0100
Message-Id: <>
References: <20160129180713.51570.qmail@ary.lan> <> <>
To: Martijn Grooten <>
X-Mailer: Apple Mail (2.3112)
Archived-At: <>
Subject: Re: [Shutup] [ietf-smtp] Compressing SMTP streams
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: SMTP Headers Unhealthy To User Privacy <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sat, 06 Feb 2016 11:40:34 -0000

> On 06 Feb 2016, at 12:32, Martijn Grooten <> wrote:
> On Sat, Feb 06, 2016 at 11:15:54AM +0100, Aaron Zauner wrote:
>> Do you guys have any numbers on this? I.e. what the advantage and
>> compression ratio for your average mail traffic will be? I suspect
>> compression is helpful in SMTP but it may also introduce
>> vulnerabilities in combination with TLS. CRIME wasn't the only attack
>> on compression, there's also been application layer specific attacks
>> BREACH for example ( A team is currently working on
>> improving these attacks in application layer protocols, circumvent
>> counter-measures in clients et cetera (from a talk at
>> RealWorldCrypto2016 -
> I think it's fair to say (as others have done already) that none of
> these attacks work against SMTP as they all require the attacker to
> force the client to make specific requests to the target.

Well, yes. You just can't do JavaScript via SMTP (yet) :)

> But these attacks also show that compression and encryption don't go
> well together. And crypto is hard and provides plenty of opportunities
> to mess up. For that reason, I would suggest following TLS 1.3 and not
> combine the two, as it would teach people bad habits.

There aren't that many people looking into this, with renewed research efforts I fear that these attacks may improve significantly. The authors of mentioned work on improving these attacks explicitly mentioned other application layer protocols than HTTP(S) in the Q/A after the talk. They will also be presenting new attacks at upcoming conferences. As I see it - adding compression might reduce traffic load for some providers but at the same time may introduce new vulnerabilities in the future to already poorly-secured protocols like SMTP.