Re: [Shutup] [ietf-smtp] Compressing SMTP streams

Martijn Grooten <martijn@lapsedordinary.net> Sat, 06 February 2016 11:32 UTC

Return-Path: <martijn@lapsedordinary.net>
X-Original-To: shutup@ietfa.amsl.com
Delivered-To: shutup@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E13F31B2C2A; Sat, 6 Feb 2016 03:32:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.079
X-Spam-Level:
X-Spam-Status: No, score=-1.079 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HELO_MISMATCH_NET=0.611, HOST_MISMATCH_COM=0.311, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id usB1ZhPwk1C3; Sat, 6 Feb 2016 03:32:30 -0800 (PST)
Received: from mail.lapsedordinary.net (thinksmall.vps.bitfolk.com [85.119.83.85]) by ietfa.amsl.com (Postfix) with ESMTP id 6DFC21B2C2E; Sat, 6 Feb 2016 03:32:30 -0800 (PST)
Received: by mail.lapsedordinary.net (Postfix, from userid 1000) id D5C3B34063; Sat, 6 Feb 2016 11:32:26 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=lapsedordinary.net; s=mail; t=1454758346; bh=JJ+tE3Mn1sKr3Q2mu+DJiHq1C5IQNe2Kuk62/s9sTCY=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:In-Reply-To; b=nwl3WFYdyu3hbxt1vr6UJSY4V915oW8bKa+KUC0X2KEG/ITyU7GUOecvmnpfgh5hI ZoQZtNKaziBfl/gNXq5pdWXKyfTaObkUkC1dkpYoWmbgD8y11mXwsydo1HIyyg1WER +plL9w+AuZKfPGzcCnjzYq4SA3sJm9dsIS/lyaiQ=
Date: Sat, 6 Feb 2016 11:32:26 +0000
From: Martijn Grooten <martijn@lapsedordinary.net>
To: shutup@ietf.org
Message-ID: <20160206113226.GA21279@lapsedordinary.net>
References: <20160129180713.51570.qmail@ary.lan> <E89BE40D-6635-4581-B2B7-13F2D5190CB2@azet.org>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="liOOAslEiF7prFVr"
Content-Disposition: inline
In-Reply-To: <E89BE40D-6635-4581-B2B7-13F2D5190CB2@azet.org>
User-Agent: Mutt/1.5.20 (2009-06-14)
Archived-At: <http://mailarchive.ietf.org/arch/msg/shutup/t4RNuu8uWTGuWhlT5wXR6eyAvPE>
Cc: ietf-smtp@ietf.org
Subject: Re: [Shutup] [ietf-smtp] Compressing SMTP streams
X-BeenThere: shutup@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: SMTP Headers Unhealthy To User Privacy <shutup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/shutup>, <mailto:shutup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/shutup/>
List-Post: <mailto:shutup@ietf.org>
List-Help: <mailto:shutup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/shutup>, <mailto:shutup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 06 Feb 2016 11:32:32 -0000

On Sat, Feb 06, 2016 at 11:15:54AM +0100, Aaron Zauner wrote:
> Do you guys have any numbers on this? I.e. what the advantage and
> compression ratio for your average mail traffic will be? I suspect
> compression is helpful in SMTP but it may also introduce
> vulnerabilities in combination with TLS. CRIME wasn't the only attack
> on compression, there's also been application layer specific attacks
> BREACH for example (breachattack.com). A team is currently working on
> improving these attacks in application layer protocols, circumvent
> counter-measures in clients et cetera (from a talk at             
> RealWorldCrypto2016 -
> https://drive.google.com/file/d/0Bzm_4XrWnl5zMkJJdHo0Rml4bXM/view?usp=sharing).                                                                                                                                                                          

I think it's fair to say (as others have done already) that none of
these attacks work against SMTP as they all require the attacker to
force the client to make specific requests to the target.

But these attacks also show that compression and encryption don't go
well together. And crypto is hard and provides plenty of opportunities
to mess up. For that reason, I would suggest following TLS 1.3 and not
combine the two, as it would teach people bad habits.

Martijn.